# HG changeset patch
# User heydowns
# Date 1197611307 0
# Node ID e1404acccac305bb4ff37392a04ae4f315309bf7
# Parent  5455f4e43948069b6534a677a13b7d6c27527185
Actually return with an error condition if we're being asked to deal with too
many reference frames. Also check max num ref frames against our internal
ref buffer sizes.
Part of fix for roundup issue 281

diff -r 5455f4e43948 -r e1404acccac3 h264.c
--- a/h264.c	Fri Dec 14 05:37:23 2007 +0000
+++ b/h264.c	Fri Dec 14 05:48:27 2007 +0000
@@ -7210,8 +7210,9 @@
     }
 
     tmp= get_ue_golomb(&s->gb);
-    if(tmp > MAX_PICTURE_COUNT-2){
+    if(tmp > MAX_PICTURE_COUNT-2 || tmp >= 32){
         av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n");
+        return -1;
     }
     sps->ref_frame_count= tmp;
     sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb);