# HG changeset patch
# User michael
# Date 1169559416 0
# Node ID 3afddc65631b34b1afbe382ab8bdac685a84da78
# Parent  3451831c696235789fdc286c8e29c8ba4b75f81f
check num_reorder_frames for validity
increase delayed_pic buffer size (one temporary is used and a terminating NULL is assumed by most code so it has to be 18 large)

diff -r 3451831c6962 -r 3afddc65631b h264.c
--- a/h264.c	Tue Jan 23 12:45:57 2007 +0000
+++ b/h264.c	Tue Jan 23 13:36:56 2007 +0000
@@ -330,7 +330,7 @@
     Picture *long_ref[32];
     Picture default_ref_list[2][32];
     Picture ref_list[2][48];     ///< 0..15: frame refs, 16..47: mbaff field refs
-    Picture *delayed_pic[16]; //FIXME size?
+    Picture *delayed_pic[18]; //FIXME size?
     Picture *delayed_output_pic;
 
     /**
@@ -7672,13 +7672,21 @@
 
     sps->bitstream_restriction_flag = get_bits1(&s->gb);
     if(sps->bitstream_restriction_flag){
+        unsigned int num_reorder_frames;
         get_bits1(&s->gb);     /* motion_vectors_over_pic_boundaries_flag */
         get_ue_golomb(&s->gb); /* max_bytes_per_pic_denom */
         get_ue_golomb(&s->gb); /* max_bits_per_mb_denom */
         get_ue_golomb(&s->gb); /* log2_max_mv_length_horizontal */
         get_ue_golomb(&s->gb); /* log2_max_mv_length_vertical */
-        sps->num_reorder_frames = get_ue_golomb(&s->gb);
-        get_ue_golomb(&s->gb); /* max_dec_frame_buffering */
+        num_reorder_frames= get_ue_golomb(&s->gb);
+        get_ue_golomb(&s->gb); /*max_dec_frame_buffering*/
+
+        if(num_reorder_frames > 16 /*max_dec_frame_buffering || max_dec_frame_buffering > 16*/){
+            av_log(h->s.avctx, AV_LOG_ERROR, "illegal num_reorder_frames %d\n", num_reorder_frames);
+            return -1;
+        }
+
+        sps->num_reorder_frames= num_reorder_frames;
     }
 
     return 0;