diff options
author | Mans Rullgard <mans@mansr.com> | 2011-10-11 00:58:03 +0100 |
---|---|---|
committer | Mans Rullgard <mans@mansr.com> | 2011-10-11 12:05:51 +0100 |
commit | be1242a3f2b28e9cb08515bdc1db6c14403c279a (patch) | |
tree | 4a97227174cc0917040633301f51da7d8fb4d498 | |
parent | c79d2a20bad59298188171f1316a830d563a41ee (diff) | |
download | ffmpeg-be1242a3f2b28e9cb08515bdc1db6c14403c279a.tar.gz |
h264: fix detection of optional trailing PPS elements
The PPS may contain a few trailing elements whose presence is
only signalled by data remaining after the the mandatory part
has been parsed. The current code fails to take into account
the rbsp_trailing_bits() when deciding whether to parse these
optional elements. Assuming no unnecessary padding bytes are
passed to this function, the optional elements are present if
either more than 8 extra bits remain or the remaining bits do
not form a valid rbsp_trailing_bits() after the mandatory PPS
elements have been parsed.
Signed-off-by: Mans Rullgard <mans@mansr.com>
-rw-r--r-- | libavcodec/h264_ps.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 7491807460..bb673e9d4e 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -462,6 +462,7 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){ unsigned int pps_id= get_ue_golomb(&s->gb); PPS *pps; const int qp_bd_offset = 6*(h->sps.bit_depth_luma-8); + int bits_left; if(pps_id >= MAX_PPS_COUNT) { av_log(h->s.avctx, AV_LOG_ERROR, "pps_id (%d) out of range\n", pps_id); @@ -538,7 +539,9 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){ memcpy(pps->scaling_matrix4, h->sps_buffers[pps->sps_id]->scaling_matrix4, sizeof(pps->scaling_matrix4)); memcpy(pps->scaling_matrix8, h->sps_buffers[pps->sps_id]->scaling_matrix8, sizeof(pps->scaling_matrix8)); - if(get_bits_count(&s->gb) < bit_length){ + bits_left = bit_length - get_bits_count(&s->gb); + if (bits_left && (bits_left > 8 || + show_bits(&s->gb, bits_left) != 1 << (bits_left - 1))) { pps->transform_8x8_mode= get_bits1(&s->gb); decode_scaling_matrices(h, h->sps_buffers[pps->sps_id], pps, 0, pps->scaling_matrix4, pps->scaling_matrix8); pps->chroma_qp_index_offset[1]= get_se_golomb(&s->gb); //second_chroma_qp_index_offset |