changeset 6017:e1404acccac3 libavcodec

Actually return with an error condition if we're being asked to deal with too many reference frames. Also check max num ref frames against our internal ref buffer sizes. Part of fix for roundup issue 281
author heydowns
date Fri, 14 Dec 2007 05:48:27 +0000
parents 5455f4e43948
children 9d1654835629
files h264.c
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
--- a/h264.c	Fri Dec 14 05:37:23 2007 +0000
+++ b/h264.c	Fri Dec 14 05:48:27 2007 +0000
@@ -7210,8 +7210,9 @@
     }
 
     tmp= get_ue_golomb(&s->gb);
-    if(tmp > MAX_PICTURE_COUNT-2){
+    if(tmp > MAX_PICTURE_COUNT-2 || tmp >= 32){
         av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n");
+        return -1;
     }
     sps->ref_frame_count= tmp;
     sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb);
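Review bot: The new bound `tmp >= 32` is a bare literal with no visible link to the buffers it protects. The commit message says it mirrors the internal reference buffer sizes, so if those arrays are later resized the check will silently stop matching them, and a bitstream-supplied count could again index past them. I would at least add a comment on the condition, e.g. `/* 32 = capacity of the reference lists indexed by ref_frame_count; keep in sync */`, or derive the limit from the array size. The declaration of `tmp` is outside this hunk, as are the start and end of the enclosing function. If `tmp` is a signed int, a negative result from `get_ue_golomb()` passes both comparisons and is stored in `sps->ref_frame_count`, so comparing as unsigned (`tmp >= 32U`) would be safer. It is also worth confirming that nothing allocated earlier in the function is left dangling by the new early `return -1;`.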