diff h264.c @ 6018:9d1654835629 libavcodec

Ensure that our total reference frame count does not exceed the SPS max frame count, which is limited to less than the size of the reference buffers, thereby preventing overflow. Part of fix for issue 281.
author heydowns
date Fri, 14 Dec 2007 06:25:23 +0000
parents e1404acccac3
children 42de24a34fd2
--- a/h264.c	Fri Dec 14 05:48:27 2007 +0000
+++ b/h264.c	Fri Dec 14 06:25:23 2007 +0000
@@ -3612,6 +3612,29 @@
         s->current_picture_ptr->reference |= s->picture_structure;
     }
 
+    if (h->sps.ref_frame_count &&
+            h->long_ref_count + h->short_ref_count == h->sps.ref_frame_count){
+
+        /* We have too many reference frames, probably due to corrupted
+         * stream. Need to discard one frame. Prevents overrun of the
+         * short_ref and long_ref buffers.
+         */
+        av_log(h->s.avctx, AV_LOG_ERROR,
+               "number of reference frames exceeds max (probably "
+               "corrupt input), discarding one\n");
+
+        if (h->long_ref_count) {
+            for (i = 0; i < 16; ++i)
+                if (h->long_ref[i])
+                    break;
+
+            assert(i < 16);
+            remove_long_at_index(h, i);
+        } else {
+            remove_short_at_index(h, h->short_ref_count - 1);
+        }
+    }
+
     print_short_term(h);
     print_long_term(h);
     return 0;
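Review bot: The new guard `h->long_ref_count + h->short_ref_count == h->sps.ref_frame_count` fires only on an exact match and is skipped whenever `sps.ref_frame_count` is 0, so a total that is already past the limit is never trimmed and the overrun described in the added comment is not ruled out by this check alone. Both operands come from stream data, so I would test the inequality instead, `h->long_ref_count + h->short_ref_count >= h->sps.ref_frame_count`, and give the zero case its own bound so that `remove_short_at_index(h, h->short_ref_count - 1)` is never reached with both counts at 0; whether a total above the limit can actually arise (for example after an SPS change) is not visible from this hunk. Separately, `assert(i < 16)` disappears in NDEBUG builds, leaving `remove_long_at_index(h, 16)` reachable if `long_ref_count` is non-zero while every `long_ref[]` slot is empty; a runtime check such as `if (i < 16) remove_long_at_index(h, i);` keeps that path in bounds on corrupt input. The enclosing function begins before the hunk, so how the counts are updated earlier could not be checked here.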