RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/h264_slice: Check picture structure before setting the related fields 

This might fix a hypothetical race condition

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2015-02-07 02:22:44 +01:00
parent f906982c94
commit f111831ed6
1 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
libavcodec/h264_slice.c
View File

@ -1285,7 +1285,7 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
int needs_reinit = 0; int needs_reinit = 0;
int field_pic_flag, bottom_field_flag; int field_pic_flag, bottom_field_flag;
int first_slice = h == h0 && !h0->current_slice; int first_slice = h == h0 && !h0->current_slice;
int frame_num; int frame_num, picture_structure, droppable;
PPS *pps; PPS *pps;
h->qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; h->qpel_put = h->h264qpel.put_h264_qpel_pixels_tab;
@ -1503,39 +1503,35 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
} }
h->frame_num = frame_num;
h->mb_mbaff = 0; h->mb_mbaff = 0;
h->mb_aff_frame = 0; h->mb_aff_frame = 0;
last_pic_structure = h0->picture_structure; last_pic_structure = h0->picture_structure;
last_pic_droppable = h0->droppable; last_pic_droppable = h0->droppable;
h->droppable = h->nal_ref_idc == 0; droppable = h->nal_ref_idc == 0;
if (h->sps.frame_mbs_only_flag) { if (h->sps.frame_mbs_only_flag) {
h->picture_structure = PICT_FRAME; picture_structure = PICT_FRAME;
} else { } else {
if (!h->sps.direct_8x8_inference_flag && slice_type == AV_PICTURE_TYPE_B) { if (!h->sps.direct_8x8_inference_flag && slice_type == AV_PICTURE_TYPE_B) {
av_log(h->avctx, AV_LOG_ERROR, "This stream was generated by a broken encoder, invalid 8x8 inference\n"); av_log(h->avctx, AV_LOG_ERROR, "This stream was generated by a broken encoder, invalid 8x8 inference\n");
return -1; return -1;
} }
field_pic_flag = get_bits1(&h->gb); field_pic_flag = get_bits1(&h->gb);
if (field_pic_flag) { if (field_pic_flag) {
bottom_field_flag = get_bits1(&h->gb); bottom_field_flag = get_bits1(&h->gb);
h->picture_structure = PICT_TOP_FIELD + bottom_field_flag; picture_structure = PICT_TOP_FIELD + bottom_field_flag;
} else { } else {
h->picture_structure = PICT_FRAME; picture_structure = PICT_FRAME;
h->mb_aff_frame = h->sps.mb_aff; h->mb_aff_frame = h->sps.mb_aff;
} }
} }
h->mb_field_decoding_flag = h->picture_structure != PICT_FRAME; if (h0->current_slice) {
if (last_pic_structure != picture_structure ||
if (h0->current_slice != 0) { last_pic_droppable != droppable) {
if (last_pic_structure != h->picture_structure ||
last_pic_droppable != h->droppable) {
av_log(h->avctx, AV_LOG_ERROR, av_log(h->avctx, AV_LOG_ERROR,
"Changing field mode (%d -> %d) between slices is not allowed\n", "Changing field mode (%d -> %d) between slices is not allowed\n",
last_pic_structure, h->picture_structure); last_pic_structure, h->picture_structure);
h->picture_structure = last_pic_structure;
h->droppable = last_pic_droppable;
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} else if (!h0->cur_pic_ptr) { } else if (!h0->cur_pic_ptr) {
av_log(h->avctx, AV_LOG_ERROR, av_log(h->avctx, AV_LOG_ERROR,
@ -1543,7 +1539,14 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
h0->current_slice + 1); h0->current_slice + 1);
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
} else { }
h->picture_structure = picture_structure;
h->droppable = droppable;
h->frame_num = frame_num;
h->mb_field_decoding_flag = picture_structure != PICT_FRAME;
if (h0->current_slice == 0) {
/* Shorten frame num gaps so we don't have to allocate reference /* Shorten frame num gaps so we don't have to allocate reference
* frames just to throw them away */ * frames just to throw them away */
if (h->frame_num != h->prev_frame_num) { if (h->frame_num != h->prev_frame_num) {