aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMans Rullgard <mans@mansr.com>2011-10-11 00:58:03 +0100
committerMans Rullgard <mans@mansr.com>2011-10-11 12:05:51 +0100
commitbe1242a3f2b28e9cb08515bdc1db6c14403c279a (patch)
tree4a97227174cc0917040633301f51da7d8fb4d498
parentc79d2a20bad59298188171f1316a830d563a41ee (diff)
downloadffmpeg-be1242a3f2b28e9cb08515bdc1db6c14403c279a.tar.gz
h264: fix detection of optional trailing PPS elements
The PPS may contain a few trailing elements whose presence is only signalled by data remaining after the the mandatory part has been parsed. The current code fails to take into account the rbsp_trailing_bits() when deciding whether to parse these optional elements. Assuming no unnecessary padding bytes are passed to this function, the optional elements are present if either more than 8 extra bits remain or the remaining bits do not form a valid rbsp_trailing_bits() after the mandatory PPS elements have been parsed. Signed-off-by: Mans Rullgard <mans@mansr.com>
-rw-r--r--libavcodec/h264_ps.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 7491807460..bb673e9d4e 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -462,6 +462,7 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){
unsigned int pps_id= get_ue_golomb(&s->gb);
PPS *pps;
const int qp_bd_offset = 6*(h->sps.bit_depth_luma-8);
+ int bits_left;
if(pps_id >= MAX_PPS_COUNT) {
av_log(h->s.avctx, AV_LOG_ERROR, "pps_id (%d) out of range\n", pps_id);
@@ -538,7 +539,9 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){
memcpy(pps->scaling_matrix4, h->sps_buffers[pps->sps_id]->scaling_matrix4, sizeof(pps->scaling_matrix4));
memcpy(pps->scaling_matrix8, h->sps_buffers[pps->sps_id]->scaling_matrix8, sizeof(pps->scaling_matrix8));
- if(get_bits_count(&s->gb) < bit_length){
+ bits_left = bit_length - get_bits_count(&s->gb);
+ if (bits_left && (bits_left > 8 ||
+ show_bits(&s->gb, bits_left) != 1 << (bits_left - 1))) {
pps->transform_8x8_mode= get_bits1(&s->gb);
decode_scaling_matrices(h, h->sps_buffers[pps->sps_id], pps, 0, pps->scaling_matrix4, pps->scaling_matrix8);
pps->chroma_qp_index_offset[1]= get_se_golomb(&s->gb); //second_chroma_qp_index_offset