aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Downs <heydowns@borg.com>2007-12-14 05:48:27 +0000
committerJeff Downs <heydowns@borg.com>2007-12-14 05:48:27 +0000
commit41f7e2d11d2dca23842ee89d530ca9fa15cec9d8 (patch)
tree74ff571b36057b519dd50f8e79d19dca7d70e54c
parent33e00731294e304ef7935fdb6dd7214bc4df391f (diff)
downloadffmpeg-41f7e2d11d2dca23842ee89d530ca9fa15cec9d8.tar.gz
Actually return with an error condition if we're being asked to deal with too
many reference frames. Also check max num ref frames against our internal ref buffer sizes. Part of fix for roundup issue 281 Originally committed as revision 11215 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavcodec/h264.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 822a20f6ce..f34bf2c5e2 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7210,8 +7210,9 @@ static inline int decode_seq_parameter_set(H264Context *h){
}
tmp= get_ue_golomb(&s->gb);
- if(tmp > MAX_PICTURE_COUNT-2){
+ if(tmp > MAX_PICTURE_COUNT-2 || tmp >= 32){
av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n");
+ return -1;
}
sps->ref_frame_count= tmp;
sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb);