Decoder: Conceal picture only if valid picture buffer is obtained.

If all the slices in the current pic were invalid, then
the decoder would not have received a valid picture buffer
in the current call. In such cases there is no need to conceal or
deblock the picture.

Bug: 62896384
Test: run ASAN-enabled PoC before/after the patch
Change-Id: I3cf6e871592826f93b0dcd2b06fff80677bc8338
CVE-2017-0833

1 files changed, 3 insertions, 4 deletions

diff --git a/decoder/ih264d_api.c b/decoder/ih264d_api.c
index b6288b4..b34b6f5 100644
--- a/decoder/ih264d_api.c
+++ b/decoder/ih264d_api.c
@@ -2206,7 +2206,7 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op)
     }
     while(( header_data_left == 1)||(frame_data_left == 1));
 
-    if((ps_dec->u4_slice_start_code_found == 1)
+    if((ps_dec->u4_pic_buf_got == 1)
             && (ret != IVD_MEM_ALLOC_FAILED)
             && ps_dec->u2_total_mbs_coded < ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)
     {
@@ -2348,7 +2348,7 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op)
 
     }
 
-    if((ps_dec->u4_slice_start_code_found == 1)
+    if((ps_dec->u4_pic_buf_got == 1)
                     && (ERROR_DANGLING_FIELD_IN_PIC != i4_err_status))
     {
         /*
@@ -2374,8 +2374,7 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op)
         /* if new frame in not found (if we are still getting slices from previous frame)
          * ih264d_deblock_display is not called. Such frames will not be added to reference /display
          */
-        if (((ps_dec->ps_dec_err_status->u1_err_flag & REJECT_CUR_PIC) == 0)
-                && (ps_dec->u4_pic_buf_got == 1))
+        if ((ps_dec->ps_dec_err_status->u1_err_flag & REJECT_CUR_PIC) == 0)
         {
             /* Calling Function to deblock Picture and Display */
             ret = ih264d_deblock_display(ps_dec);