From 50a580a2f581cac3de9603fc204ccdd985414179 Mon Sep 17 00:00:00 2001 From: Harish Mahendrakar Date: Mon, 1 Feb 2016 15:08:19 +0530 Subject: Ensure ih264d_start_of_pic() is not repeated in ih264d_mark_err_slice_skip() In case of error in handling MMCO commpands/reference list creation, ih264d_start_of_pic() was called again in ih264d_mark_err_slice_skip() resulting in leaking a picture or an MV buffer in buffer manager. To fix this, ensure prev_slice_err is set to 1 only if u4_pic_buf_got is zero, before calling ih264d_mark_err_slice_skip() at the end of picture decode. This will ensure ih264d_start_of_pic() is not repeated Bug: 25818142 Change-Id: I7d5a9179533581eec663bc6a19a2901e7cce6af3 --- decoder/ih264d_api.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/decoder/ih264d_api.c b/decoder/ih264d_api.c index cd91483..c264d9a 100644 --- a/decoder/ih264d_api.c +++ b/decoder/ih264d_api.c @@ -2085,7 +2085,7 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op) num_mb_skipped = (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs) - ps_dec->u2_total_mbs_coded; - if(ps_dec->u4_first_slice_in_pic) + if(ps_dec->u4_first_slice_in_pic && (ps_dec->u4_pic_buf_got == 0)) prev_slice_err = 1; else prev_slice_err = 2; @@ -2112,8 +2112,11 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op) { ih264d_signal_bs_deblk_thread(ps_dec); } - /* dont consume bitstream */ - ps_dec_op->u4_num_bytes_consumed -= bytes_consumed; + /* dont consume bitstream for change in resolution case */ + if(ret == IVD_RES_CHANGED) + { + ps_dec_op->u4_num_bytes_consumed -= bytes_consumed; + } return IV_FAIL; } -- cgit v1.2.3 From c57fc3703ae2e0d41b1f6580c50015937f2d23c1 Mon Sep 17 00:00:00 2001 From: Harish Mahendrakar Date: Wed, 17 Feb 2016 18:06:36 +0530 Subject: Decoder: Fix stack underflow in CAVLC 4x4 parse functions Bug: 26399350 Change-Id: Id768751672a7b093ab6e53d4fc0b3188d470920e --- decoder/ih264d_parse_cavlc.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/decoder/ih264d_parse_cavlc.c b/decoder/ih264d_parse_cavlc.c index a3f345c..b6a0125 100644 --- a/decoder/ih264d_parse_cavlc.c +++ b/decoder/ih264d_parse_cavlc.c @@ -443,7 +443,11 @@ WORD32 ih264d_cavlc_4x4res_block_totalcoeff_2to10(UWORD32 u4_isdc, UWORD32 u4_bitstream_offset = ps_bitstrm->u4_ofst; UWORD32 u4_trailing_ones = u4_total_coeff_trail_one & 0xFFFF; UWORD32 u4_total_coeff = u4_total_coeff_trail_one >> 16; - WORD16 i2_level_arr[16]; + // To avoid error check at 4x4 level, allocating for 3 extra levels(16+3) + // since u4_trailing_ones can at the max be 3. This will be required when + // u4_total_coeff is less than u4_trailing_ones + WORD16 ai2_level_arr[19]; + WORD16 *i2_level_arr = &ai2_level_arr[3]; tu_sblk4x4_coeff_data_t *ps_tu_4x4; WORD16 *pi2_coeff_data; @@ -721,7 +725,11 @@ WORD32 ih264d_cavlc_4x4res_block_totalcoeff_11to16(UWORD32 u4_isdc, UWORD32 u4_bitstream_offset = ps_bitstrm->u4_ofst; UWORD32 u4_trailing_ones = u4_total_coeff_trail_one & 0xFFFF; UWORD32 u4_total_coeff = u4_total_coeff_trail_one >> 16; - WORD16 i2_level_arr[16]; + // To avoid error check at 4x4 level, allocating for 3 extra levels(16+3) + // since u4_trailing_ones can at the max be 3. This will be required when + // u4_total_coeff is less than u4_trailing_ones + WORD16 ai2_level_arr[19];// + WORD16 *i2_level_arr = &ai2_level_arr[3]; tu_sblk4x4_coeff_data_t *ps_tu_4x4; WORD16 *pi2_coeff_data; @@ -993,7 +1001,11 @@ void ih264d_rest_of_residual_cav_chroma_dc_block(UWORD32 u4_total_coeff_trail_on UWORD32 u4_bitstream_offset = ps_bitstrm->u4_ofst; UWORD32 u4_trailing_ones = u4_total_coeff_trail_one & 0xFFFF; UWORD32 u4_total_coeff = u4_total_coeff_trail_one >> 16; - WORD16 i2_level_arr[4]; + // To avoid error check at 4x4 level, allocating for 3 extra levels(4+3) + // since u4_trailing_ones can at the max be 3. This will be required when + // u4_total_coeff is less than u4_trailing_ones + WORD16 ai2_level_arr[7];// + WORD16 *i2_level_arr = &ai2_level_arr[3]; tu_sblk4x4_coeff_data_t *ps_tu_4x4; WORD16 *pi2_coeff_data; -- cgit v1.2.3