diff options
| author | Vittorio Giovara <vittorio.giovara@gmail.com> | 2014-02-20 02:38:32 +0100 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2014-02-28 23:05:53 -0500 |
| commit | 7c70cee29cdfef3ae8446875f0cb9f7b05c3e3e8 (patch) | |
| tree | 91a7e67a9788520fa738af9205f7507cfe71f772 | |
| parent | 8ba514117b9f224bea10a8aa431daaa645e2fbef (diff) | |
| download | ffmpeg-7c70cee29cdfef3ae8446875f0cb9f7b05c3e3e8.tar.gz | |
h264: Lower bound check for slice offsets
And use the value from the specification.
Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit f777504f640260337974848c7d5d7a3f064bbb45)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)
Conflicts:
libavcodec/h264.c
| -rw-r--r-- | libavcodec/h264.c | 18 | ||||
| -rw-r--r-- | libavcodec/h264_loopfilter.c | 8 |
2 files changed, 14 insertions, 12 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index b256969b6e..03c1d07ff1 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3157,8 +3157,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0) get_se_golomb(&s->gb); /* slice_qs_delta */ h->deblocking_filter = 1; - h->slice_alpha_c0_offset = 52; - h->slice_beta_offset = 52; + h->slice_alpha_c0_offset = 0; + h->slice_beta_offset = 0; if (h->pps.deblocking_filter_parameters_present) { tmp = get_ue_golomb_31(&s->gb); if (tmp > 2) { @@ -3171,10 +3171,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h->deblocking_filter ^= 1; // 1<->0 if (h->deblocking_filter) { - h->slice_alpha_c0_offset += get_se_golomb(&s->gb) << 1; - h->slice_beta_offset += get_se_golomb(&s->gb) << 1; - if (h->slice_alpha_c0_offset > 104U || - h->slice_beta_offset > 104U) { + h->slice_alpha_c0_offset = get_se_golomb(&s->gb) * 2; + h->slice_beta_offset = get_se_golomb(&s->gb) * 2; + if (h->slice_alpha_c0_offset > 12 || + h->slice_alpha_c0_offset < -12 || + h->slice_beta_offset > 12 || + h->slice_beta_offset < -12) { av_log(s->avctx, AV_LOG_ERROR, "deblocking filter parameters %d %d out of range\n", h->slice_alpha_c0_offset, h->slice_beta_offset); @@ -3211,7 +3213,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } } } - h->qp_thresh = 15 + 52 - + h->qp_thresh = 15 + FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset) - FFMAX3(0, h->pps.chroma_qp_index_offset[0], @@ -3280,7 +3282,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h->ref_count[0], h->ref_count[1], s->qscale, h->deblocking_filter, - h->slice_alpha_c0_offset / 2 - 26, h->slice_beta_offset / 2 - 26, + h->slice_alpha_c0_offset, h->slice_beta_offset, h->use_weight, h->use_weight == 1 && h->use_weight_chroma ? "c" : "", h->slice_type == AV_PICTURE_TYPE_B ? (h->direct_spatial_mv_pred ? "SPAT" : "TEMP") : ""); diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index b045d2388a..4417d79bf0 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c @@ -254,8 +254,8 @@ static av_always_inline void h264_filter_mb_fast_internal(H264Context *h, int top_type= h->top_type; int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8); - int a = h->slice_alpha_c0_offset - qp_bd_offset; - int b = h->slice_beta_offset - qp_bd_offset; + int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset; + int b = 52 + h->slice_beta_offset - qp_bd_offset; int mb_type = s->current_picture.f.mb_type[mb_xy]; int qp = s->current_picture.f.qscale_table[mb_xy]; @@ -711,8 +711,8 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint av_unused int dir; int chroma = !(CONFIG_GRAY && (s->flags&CODEC_FLAG_GRAY)); int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8); - int a = h->slice_alpha_c0_offset - qp_bd_offset; - int b = h->slice_beta_offset - qp_bd_offset; + int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset; + int b = 52 + h->slice_beta_offset - qp_bd_offset; if (FRAME_MBAFF // and current and left pair do not have the same interlaced type |