diff options
author | Hamsalekha S <hamsalekha.s@ittiam.com> | 2017-06-22 16:55:28 +0530 |
---|---|---|
committer | Ivan Kutepov <its.kutepov@gmail.com> | 2017-11-11 17:58:19 +0300 |
commit | 7d6419fa962781738217b02054b4efb09fff9559 (patch) | |
tree | 99bd38bde38782b14df844bb1a3da766fcc02b2b /decoder | |
parent | 674cd04d4271831de2f75257118cf5e330c4a4d8 (diff) | |
download | android_external_libavc-7d6419fa962781738217b02054b4efb09fff9559.tar.gz android_external_libavc-7d6419fa962781738217b02054b4efb09fff9559.tar.bz2 android_external_libavc-7d6419fa962781738217b02054b4efb09fff9559.zip |
Decoder: Conceal picture only if valid picture buffer is obtained.
If all the slices in the current pic were invalid, then
the decoder would not have received a valid picture buffer
in the current call. In such cases there is no need to conceal or
deblock the picture.
Bug: 62896384
Test: run ASAN-enabled PoC before/after the patch
Change-Id: I3cf6e871592826f93b0dcd2b06fff80677bc8338
CVE-2017-0833
Diffstat (limited to 'decoder')
-rw-r--r-- | decoder/ih264d_api.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/decoder/ih264d_api.c b/decoder/ih264d_api.c index b6288b4..b34b6f5 100644 --- a/decoder/ih264d_api.c +++ b/decoder/ih264d_api.c @@ -2206,7 +2206,7 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op) } while(( header_data_left == 1)||(frame_data_left == 1)); - if((ps_dec->u4_slice_start_code_found == 1) + if((ps_dec->u4_pic_buf_got == 1) && (ret != IVD_MEM_ALLOC_FAILED) && ps_dec->u2_total_mbs_coded < ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs) { @@ -2348,7 +2348,7 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op) } - if((ps_dec->u4_slice_start_code_found == 1) + if((ps_dec->u4_pic_buf_got == 1) && (ERROR_DANGLING_FIELD_IN_PIC != i4_err_status)) { /* @@ -2374,8 +2374,7 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op) /* if new frame in not found (if we are still getting slices from previous frame) * ih264d_deblock_display is not called. Such frames will not be added to reference /display */ - if (((ps_dec->ps_dec_err_status->u1_err_flag & REJECT_CUR_PIC) == 0) - && (ps_dec->u4_pic_buf_got == 1)) + if ((ps_dec->ps_dec_err_status->u1_err_flag & REJECT_CUR_PIC) == 0) { /* Calling Function to deblock Picture and Display */ ret = ih264d_deblock_display(ps_dec); |