authorHarish Mahendrakar <harish.mahendrakar@ittiam.com>2016-12-20 12:16:31 +0530
committerSean McCreary <mccreary@mcwest.org>2017-03-22 12:21:42 -0600
commitfd31b6797018b9d0160d36ab895c5af65db38fc5 (patch)
tree979f458d83eb84fccaeb40899c15f2de1f70921b
parent03c2fad7716bffddd8836ba51768ef2757845e66 (diff)
Decoder: Fix in returning incomplete frame error
If a slice start code has been found, picture decode is not complete, and a non-slice NAL is encountered, then mark the current pic as incomplete.

Bug: 33250932
Bug: 33139050
CVE-2017-0466
CVE-2017-0467
CVE-2017-0482
Change-Id: I9db4446338b307310805dba90c60c8cbdeee0739
(cherry picked from commit d1896deaf15ad8c6d148702899426b64601a3358)
(cherry picked from commit c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f)
-rw-r--r--decoder/ih264d_parse_headers.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/decoder/ih264d_parse_headers.c b/decoder/ih264d_parse_headers.c
index b9eb0bc..e2b3c4b 100644
--- a/decoder/ih264d_parse_headers.c
+++ b/decoder/ih264d_parse_headers.c
@@ -1036,7 +1036,9 @@ WORD32 ih264d_parse_nal_unit(iv_obj_t *dec_hdl,
u1_nal_unit_type = NAL_UNIT_TYPE(u1_first_byte);
// if any other nal unit other than slice nal is encountered in between a
// frame break out of loop without consuming header
- if((ps_dec->u2_total_mbs_coded != 0) && (u1_nal_unit_type > IDR_SLICE_NAL))
+ if ((ps_dec->u4_slice_start_code_found == 1)
+ && (ps_dec->u1_pic_decode_done != 1)
+ && (u1_nal_unit_type > IDR_SLICE_NAL))
{
return ERROR_INCOMPLETE_FRAME;
}
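Review bot: The comment above the rewritten condition still reads "any other nal unit other than slice nal is encountered in between a frame" and does not say why the test now keys on `u4_slice_start_code_found` and `u1_pic_decode_done` instead of `u2_total_mbs_coded`. I would extend it with something like `// a slice header has been seen but the picture is not finished (possibly with no MBs coded yet): do not parse a non-slice NAL until the picture is closed out`, since the old test presumably missed the case where no macroblock had been coded. The guard is only as reliable as the places that set and clear those two flags, and none of them are visible in this hunk. It is worth confirming that every path that completes or abandons a picture, including error returns, updates them, because a stale value would either reject every later non-slice NAL or let one be parsed mid-picture. ih264d_parse_nal_unit starts and ends outside the hunk.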