summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHamsalekha S <hamsalekha.s@ittiam.com>2017-08-01 14:51:55 +0530
committerIvan Kutepov <its.kutepov@gmail.com>2017-12-09 19:09:40 +0300
commit06c33bbb440b4497521c00727c5ee2f9b6644ebe (patch)
tree50d51320692afbf7126b7deb8d167e01c08a9f65
parent5a9f4056f6e444f42a4f59df175e8a06fea5df73 (diff)
downloadandroid_external_libavc-06c33bbb440b4497521c00727c5ee2f9b6644ebe.tar.gz
android_external_libavc-06c33bbb440b4497521c00727c5ee2f9b6644ebe.tar.bz2
android_external_libavc-06c33bbb440b4497521c00727c5ee2f9b6644ebe.zip
Decoder: Fixed hang in the case of dangling field
The u1_top_bottom_decoded flag in the decoder context has been fixed to be updated correctly in the case of dangling field Bug: 63315932 Test: ran POC after patching Change-Id: I8db4ebeb94fba735ba45f365c37e52a202ea84cd CVE-2017-0874
-rw-r--r--decoder/ih264d_parse_slice.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c
index 849b9c5..8a7f93a 100644
--- a/decoder/ih264d_parse_slice.c
+++ b/decoder/ih264d_parse_slice.c
@@ -1382,9 +1382,8 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice,
if(ps_dec->u1_dangling_field == 1)
{
ps_dec->u1_second_field = 1 - ps_dec->u1_second_field;
- ps_cur_slice->u1_bottom_field_flag = u1_bottom_field_flag;
- ps_dec->u2_prv_frame_num = u2_frame_num;
ps_dec->u1_first_slice_in_stream = 0;
+ ps_dec->u1_top_bottom_decoded = TOP_FIELD_ONLY | BOT_FIELD_ONLY;
return ERROR_DANGLING_FIELD_IN_PIC;
}