From 4cc1ce4a91788a71670ea43fa0026b5a969e9e9e Mon Sep 17 00:00:00 2001
From: Benoit Fouet
Date: Mon, 27 Jun 2016 13:31:21 +0200
Subject: h264: straighten dimensions check ff_h264_decode_seq_parameter_set The MBS only flag was not taken into account when checking macroblock dimensions. Also removes the unneeded check in init_dimensions for slices.
---
 libavcodec/h264_ps.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'libavcodec/h264_ps.c')
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 2f166c59dc..76ac9f1b3d 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -464,13 +464,6 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
 sps->gaps_in_frame_num_allowed_flag = get_bits1(gb);
 sps->mb_width = get_ue_golomb(gb) + 1;
 sps->mb_height = get_ue_golomb(gb) + 1;
- if ((unsigned)sps->mb_width >= INT_MAX / 16 ||
- (unsigned)sps->mb_height >= INT_MAX / 16 ||
- av_image_check_size(16 * sps->mb_width,
- 16 * sps->mb_height, 0, avctx)) {
- av_log(avctx, AV_LOG_ERROR, "mb_width/height overflow\n");
- goto fail;
- }
 sps->frame_mbs_only_flag = get_bits1(gb);
 if (!sps->frame_mbs_only_flag)
@@ -478,6 +471,14 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
 else
 sps->mb_aff = 0;
+ if ((unsigned)sps->mb_width >= INT_MAX / 16 ||
+ (unsigned)sps->mb_height >= INT_MAX / (16 * (2 - sps->frame_mbs_only_flag)) ||
+ av_image_check_size(16 * sps->mb_width,
+ 16 * sps->mb_height * (2 - sps->frame_mbs_only_flag), 0, avctx)) {
+ av_log(avctx, AV_LOG_ERROR, "mb_width/height overflow\n");
+ goto fail;
+ }
+
 sps->direct_8x8_inference_flag = get_bits1(gb);
 #ifndef ALLOW_INTERLACE
--
cgit v1.2.3
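Review bot: The relocated bound in the second hunk is only correct because it now runs after `sps->frame_mbs_only_flag` has been read, and nothing in the code records that ordering requirement or why the height is scaled by `(2 - sps->frame_mbs_only_flag)`. Both `mb_width` and `mb_height` come straight from `get_ue_golomb()` on the bitstream, and the commit message says the later check in init_dimensions is dropped (that change is not shown on this page), so this appears to be the one place these values are bounded before `16 * mb_height` is computed. I would put a comment above the `if`, for example `/* must stay after frame_mbs_only_flag is parsed: the height is doubled when the flag is 0, so bound the doubled value here */`, so a later reordering of the SPS parsing does not quietly weaken the check. The body of ff_h264_decode_seq_parameter_set starts before and continues after the hunk, so how `mb_height` is used afterwards cannot be confirmed from here.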