Merge "Decoder: Fixed incorrect use of mmco parameters." into mnc-dev
diff --git a/decoder/ih264d_api.c b/decoder/ih264d_api.c
index 18de06e..deeb41c 100644
--- a/decoder/ih264d_api.c
+++ b/decoder/ih264d_api.c
@@ -2290,7 +2290,9 @@
memTab[MEM_REC_BITSBUF].u4_mem_alignment = (128 * 8) / CHAR_BIT;
memTab[MEM_REC_BITSBUF].e_mem_type = IV_EXTERNAL_CACHEABLE_PERSISTENT_MEM;
- memTab[MEM_REC_BITSBUF].u4_mem_size = MAX(256000, (luma_width * luma_height * 3 / 2));
+ memTab[MEM_REC_BITSBUF].u4_mem_size = MAX(
+ 256000,
+ (luma_width * luma_height * 3 / 2)) + EXTRA_BS_OFFSET;
{
@@ -2994,7 +2996,9 @@
/* Ignore bytes beyond the allocated size of intermediate buffer */
/* Since 8 bytes are read ahead, ensure 8 bytes are free at the
end of the buffer, which will be memset to 0 after emulation prevention */
- buflen = MIN(buflen, (WORD32)(ps_dec->ps_mem_tab[MEM_REC_BITSBUF].u4_mem_size - 8));
+ buflen = MIN(buflen,
+ (WORD32)(ps_dec->ps_mem_tab[MEM_REC_BITSBUF].u4_mem_size
+ - 8 - EXTRA_BS_OFFSET));
bytes_consumed = buflen + u4_length_of_start_code;
ps_dec_op->u4_num_bytes_consumed += bytes_consumed;
diff --git a/decoder/ih264d_defs.h b/decoder/ih264d_defs.h
index 6826baa..64b834a 100644
--- a/decoder/ih264d_defs.h
+++ b/decoder/ih264d_defs.h
@@ -107,6 +107,9 @@
/* For 420SP */
#define YUV420SP_FACTOR 2
+/*To prevent buffer overflow access; in case the size of nal unit is
+ * greater than the allocated buffer size*/
+#define EXTRA_BS_OFFSET 16*16*2
/**
***************************************************************************
diff --git a/decoder/ih264d_parse_headers.c b/decoder/ih264d_parse_headers.c
index 1deb01a..48c5ebe 100644
--- a/decoder/ih264d_parse_headers.c
+++ b/decoder/ih264d_parse_headers.c
@@ -479,7 +479,7 @@
{
UWORD8 i;
dec_seq_params_t *ps_seq = NULL;
- UWORD8 u1_profile_idc, u1_level_idc, u1_seq_parameter_set_id;
+ UWORD8 u1_profile_idc, u1_level_idc, u1_seq_parameter_set_id, u1_mb_aff_flag = 0;
UWORD16 i2_max_frm_num;
UWORD32 *pu4_bitstrm_buf = ps_bitstrm->pu4_buffer;
UWORD32 *pu4_bitstrm_ofst = &ps_bitstrm->u4_ofst;
@@ -803,9 +803,19 @@
COPYTHECONTEXT("SPS: frame_mbs_only_flag", u1_frm);
if(!u1_frm)
+ u1_mb_aff_flag = ih264d_get_bit_h264(ps_bitstrm);
+
+ if((ps_dec->i4_header_decoded & 1)
+ && (ps_seq->u1_mb_aff_flag != u1_mb_aff_flag))
+ {
+ ps_dec->u1_res_changed = 1;
+ return IVD_RES_CHANGED;
+ }
+
+ if(!u1_frm)
{
u2_pic_ht <<= 1;
- ps_seq->u1_mb_aff_flag = ih264d_get_bit_h264(ps_bitstrm);
+ ps_seq->u1_mb_aff_flag = u1_mb_aff_flag;
COPYTHECONTEXT("SPS: mb_adaptive_frame_field_flag",
ps_seq->u1_mb_aff_flag);
diff --git a/decoder/ih264d_sei.c b/decoder/ih264d_sei.c
index 800f2c9..098a1f3 100644
--- a/decoder/ih264d_sei.c
+++ b/decoder/ih264d_sei.c
@@ -336,7 +336,7 @@
ui4_payload_type = 0;
u4_bits = ih264d_get_bits_h264(ps_bitstrm, 8);
- while(0xff == u4_bits)
+ while(0xff == u4_bits && !EXCEED_OFFSET(ps_bitstrm))
{
u4_bits = ih264d_get_bits_h264(ps_bitstrm, 8);
ui4_payload_type += 255;
@@ -345,7 +345,7 @@
ui4_payload_size = 0;
u4_bits = ih264d_get_bits_h264(ps_bitstrm, 8);
- while(0xff == u4_bits)
+ while(0xff == u4_bits && !EXCEED_OFFSET(ps_bitstrm))
{
u4_bits = ih264d_get_bits_h264(ps_bitstrm, 8);
ui4_payload_size += 255;
@@ -370,7 +370,8 @@
{
H264_DEC_DEBUG_PRINT("\nError in parsing SEI message");
}
- while(0 == ih264d_check_byte_aligned(ps_bitstrm))
+ while(0 == ih264d_check_byte_aligned(ps_bitstrm)
+ && !EXCEED_OFFSET(ps_bitstrm))
{
u4_bits = ih264d_get_bit_h264(ps_bitstrm);
if(u4_bits)