diff options
author | Hamsalekha S <hamsalekha.s@ittiam.com> | 2017-08-01 14:51:55 +0530 |
---|---|---|
committer | Ivan Kutepov <its.kutepov@gmail.com> | 2017-12-09 19:09:40 +0300 |
commit | 06c33bbb440b4497521c00727c5ee2f9b6644ebe (patch) | |
tree | 50d51320692afbf7126b7deb8d167e01c08a9f65 /decoder | |
parent | 5a9f4056f6e444f42a4f59df175e8a06fea5df73 (diff) | |
download | android_external_libavc-06c33bbb440b4497521c00727c5ee2f9b6644ebe.tar.gz android_external_libavc-06c33bbb440b4497521c00727c5ee2f9b6644ebe.tar.bz2 android_external_libavc-06c33bbb440b4497521c00727c5ee2f9b6644ebe.zip |
Decoder: Fixed hang in the case of dangling field
The u1_top_bottom_decoded flag in the decoder context has been fixed
to be updated correctly in the case of dangling field
Bug: 63315932
Test: ran POC after patching
Change-Id: I8db4ebeb94fba735ba45f365c37e52a202ea84cd
CVE-2017-0874
Diffstat (limited to 'decoder')
-rw-r--r-- | decoder/ih264d_parse_slice.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c index 849b9c5..8a7f93a 100644 --- a/decoder/ih264d_parse_slice.c +++ b/decoder/ih264d_parse_slice.c @@ -1382,9 +1382,8 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice, if(ps_dec->u1_dangling_field == 1) { ps_dec->u1_second_field = 1 - ps_dec->u1_second_field; - ps_cur_slice->u1_bottom_field_flag = u1_bottom_field_flag; - ps_dec->u2_prv_frame_num = u2_frame_num; ps_dec->u1_first_slice_in_stream = 0; + ps_dec->u1_top_bottom_decoded = TOP_FIELD_ONLY | BOT_FIELD_ONLY; return ERROR_DANGLING_FIELD_IN_PIC; } |