Decoder: Fix in checking first_mb_in_slice
Also, increment slice header only if previous slice had atleast one MB
This is to ensure there is no out of bound read for streams with 1 MB, and
due to error 2 slices were being accessed.
Bug: 33982658
Change-Id: I5f1918c09e922ca39f495f6059dfea3fa1d49448
diff --git a/decoder/ih264d_parse_pslice.c b/decoder/ih264d_parse_pslice.c
index d6bea99..a33a03f 100644
--- a/decoder/ih264d_parse_pslice.c
+++ b/decoder/ih264d_parse_pslice.c
@@ -1663,11 +1663,15 @@
return 0;
}
- // Inserting new slice
- ps_dec->u2_cur_slice_num++;
- ps_dec->i2_prev_slice_mbx = ps_dec->u2_mbx;
- ps_dec->i2_prev_slice_mby = ps_dec->u2_mby;
- ps_dec->ps_parse_cur_slice++;
+ /* Inserting new slice only if the current slice has atleast 1 MB*/
+ if(ps_dec->ps_parse_cur_slice->u4_first_mb_in_slice <
+ (UWORD32)(ps_dec->u2_total_mbs_coded >> ps_slice->u1_mbaff_frame_flag))
+ {
+ ps_dec->i2_prev_slice_mbx = ps_dec->u2_mbx;
+ ps_dec->i2_prev_slice_mby = ps_dec->u2_mby;
+ ps_dec->u2_cur_slice_num++;
+ ps_dec->ps_parse_cur_slice++;
+ }
}
else
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c
index 054dd62..c0195d7 100644
--- a/decoder/ih264d_parse_slice.c
+++ b/decoder/ih264d_parse_slice.c
@@ -1070,8 +1070,7 @@
/*we currently don not support ASO*/
if(((u2_first_mb_in_slice << ps_cur_slice->u1_mbaff_frame_flag)
- <= ps_dec->u2_cur_mb_addr) && (ps_dec->u2_cur_mb_addr != 0)
- && (ps_dec->u4_first_slice_in_pic != 0))
+ <= ps_dec->u2_cur_mb_addr) && (ps_dec->u4_first_slice_in_pic == 0))
{
return ERROR_CORRUPTED_SLICE;
}