Skip to content

F
ffmpeg-mt
Commit 6be4a2fc authored by heydowns's avatar heydowns
Browse files
Options

Actually return with an error condition if we're being asked to deal with too 

many reference frames. Also check max num ref frames against our internal
ref buffer sizes.
Part of fix for roundup issue 281


git-svn-id: file:///var/local/repositories/ffmpeg/trunk@11215 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
parent aba7c1c0
Show whitespace changes
Inline Side-by-side
Showing with 2 additions and 1 deletion
libavcodec/h264.c
View file @ 6be4a2fc
...@@ -7210,8 +7210,9 @@ static inline int decode_seq_parameter_set(H264Context *h){ ...@@ -7210,8 +7210,9 @@ static inline int decode_seq_parameter_set(H264Context *h){
} }
tmp= get_ue_golomb(&s->gb); tmp= get_ue_golomb(&s->gb);
if(tmp > MAX_PICTURE_COUNT-2){ if(tmp > MAX_PICTURE_COUNT-2 || tmp >= 32){
av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n"); av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n");
return -1;
} }
sps->ref_frame_count= tmp; sps->ref_frame_count= tmp;
sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb); sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment