diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2017-06-16 18:50:30 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-06-16 18:50:30 +0000 |
| commit | 1861692f14016f26aeb052c93f16482b49deaebb (patch) | |
| tree | c6c8fa064004dc1f6b1f5266c22d6193e5420871 | |
| parent | 9362be6b2e65a4e8ce6539a26c59e247cc90cb44 (diff) | |
| parent | 9cbe47fd4d254948cf2dfd8d587a3c9a031eb86f (diff) | |
| download | libmpeg2-nougat-mr1-flounder-release.tar.gz | |
Merge cherrypicks of [2420306, 2420248, 2420158, 2420321, 2420159, 2420160, 2420266, 2420284, 2420308, 2420342, 2420177, 2420195, 2420344, 2420345, 2420179, 2420324, 2420251, 2420269, 2420271, 2420325, 2420310, 2420220, 2420348, 2420291, 2420328, 2420330, 2420383, 2420331, 2420255, 2420296, 2420278, 2420229, 2420335] into nyc-mr1-volantis-releaseandroid-7.1.1_r53android-7.1.1_r49nougat-mr1-flounder-release
Change-Id: I95afa5940b6dfec98acda459bd6b583c3068b95b
| -rw-r--r-- | decoder/impeg2d_dec_hdr.c | 29 | ||||
| -rw-r--r-- | decoder/impeg2d_vld.c | 57 |
2 files changed, 66 insertions, 20 deletions
diff --git a/decoder/impeg2d_dec_hdr.c b/decoder/impeg2d_dec_hdr.c index cd6c48f..4a84086 100644 --- a/decoder/impeg2d_dec_hdr.c +++ b/decoder/impeg2d_dec_hdr.c @@ -152,6 +152,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_dec_seq_hdr(dec_state_t *ps_dec) u2_width = impeg2d_bit_stream_get(ps_stream,12); u2_height = impeg2d_bit_stream_get(ps_stream,12); + if (0 == u2_width || 0 == u2_height) + { + IMPEG2D_ERROR_CODES_T e_error = IMPEG2D_FRM_HDR_DECODE_ERR; + return e_error; + } + if ((u2_width != ps_dec->u2_horizontal_size) || (u2_height != ps_dec->u2_vertical_size)) { @@ -710,11 +716,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_dec_pic_hdr(dec_state_t *ps_dec) * Arguments : * dec : Decoder context * -* Values Returned : None +* Values Returned : Error *******************************************************************************/ -void impeg2d_dec_pic_coding_ext(dec_state_t *ps_dec) +IMPEG2D_ERROR_CODES_T impeg2d_dec_pic_coding_ext(dec_state_t *ps_dec) { stream_t *ps_stream; + IMPEG2D_ERROR_CODES_T e_error = (IMPEG2D_ERROR_CODES_T) IV_SUCCESS; ps_stream = &ps_dec->s_bit_stream; impeg2d_bit_stream_flush(ps_stream,START_CODE_LEN); @@ -727,6 +734,11 @@ void impeg2d_dec_pic_coding_ext(dec_state_t *ps_dec) ps_dec->au2_f_code[1][1] = impeg2d_bit_stream_get(ps_stream,4); ps_dec->u2_intra_dc_precision = impeg2d_bit_stream_get(ps_stream,2); ps_dec->u2_picture_structure = impeg2d_bit_stream_get(ps_stream,2); + if (ps_dec->u2_picture_structure < TOP_FIELD || + ps_dec->u2_picture_structure > FRAME_PICTURE) + { + return IMPEG2D_FRM_HDR_DECODE_ERR; + } ps_dec->u2_top_field_first = impeg2d_bit_stream_get_bit(ps_stream); ps_dec->u2_frame_pred_frame_dct = impeg2d_bit_stream_get_bit(ps_stream); ps_dec->u2_concealment_motion_vectors = impeg2d_bit_stream_get_bit(ps_stream); @@ -754,6 +766,7 @@ void impeg2d_dec_pic_coding_ext(dec_state_t *ps_dec) { ps_dec->pu1_inv_scan_matrix = (UWORD8 *)gau1_impeg2_inv_scan_zig_zag; } + return e_error; } /******************************************************************************* @@ -804,6 +817,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_dec_slice(dec_state_t *ps_dec) { ps_dec->u2_mb_y = u4_slice_vertical_position; ps_dec->u2_mb_x = 0; + + /* Update the number of MBs left, since we have probably missed a slice + * (that's why we see a mismatch between u2_mb_y and current position). + */ + ps_dec->u2_num_mbs_left = (ps_dec->u2_num_vert_mb - ps_dec->u2_mb_y) + * ps_dec->u2_num_horiz_mb; } ps_dec->u2_first_mb = 1; @@ -1712,7 +1731,11 @@ IMPEG2D_ERROR_CODES_T impeg2d_process_video_bit_stream(dec_state_t *ps_dec) { return e_error; } - impeg2d_dec_pic_coding_ext(ps_dec); + e_error = impeg2d_dec_pic_coding_ext(ps_dec); + if ((IMPEG2D_ERROR_CODES_T)IVD_ERROR_NONE != e_error) + { + return e_error; + } e_error = impeg2d_dec_pic_ext_data(ps_dec); if ((IMPEG2D_ERROR_CODES_T)IVD_ERROR_NONE != e_error) { diff --git a/decoder/impeg2d_vld.c b/decoder/impeg2d_vld.c index 12bb617..80ee403 100644 --- a/decoder/impeg2d_vld.c +++ b/decoder/impeg2d_vld.c @@ -655,7 +655,11 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( { u4_run = ((DecodedValue >> 4) & 0x1f); u4_numCoeffs += u4_run; - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; FLUSH_BITS(u4_offset,u4_buf,u4_buf_nxt,u4_sym_len,pu4_buf_aligned) @@ -701,7 +705,11 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_level = ((WORD16) DecodedValue) >> 9; u4_numCoeffs += u4_run; - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; pi2_outAddr[*pi4_num_coeffs] = u4_level; (*pi4_num_coeffs)++; @@ -722,7 +730,11 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_level = (u4_level - ((u4_level & 0x0800) << 1)); u4_numCoeffs += u4_run; - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; pi2_outAddr[*pi4_num_coeffs] = u4_level; (*pi4_num_coeffs)++; @@ -785,8 +797,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_level = (u4_level - (u4_level_first_byte << 1)); } u4_numCoeffs += u4_run; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; pi2_outAddr[*pi4_num_coeffs] = u4_level; @@ -798,11 +814,6 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_nz_cols |= 1 << (u4_pos & 0x7); u4_nz_rows |= 1 << (u4_pos >> 0x3); - if (u4_numCoeffs > 64) - { - return IMPEG2D_MB_TEX_DECODE_ERR; - } - } IBITS_GET(u4_buf,u4_buf_nxt,u4_offset,u4_bits,pu4_buf_aligned,u4_sym_len) } @@ -836,8 +847,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_run = BITS(DecodedValue, 8,4); u4_numCoeffs += u4_run; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; FLUSH_BITS(u4_offset,u4_buf,u4_buf_nxt,u4_sym_len,pu4_buf_aligned) @@ -872,8 +887,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_level = ((WORD16) DecodedValue) >> 9; u4_numCoeffs += u4_run; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; if (1 == lead_zeros) u4_sym_len--; @@ -897,8 +916,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_level = (u4_level - ((u4_level & 0x0800) << 1)); u4_numCoeffs += u4_run; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; pi2_outAddr[*pi4_num_coeffs] = u4_level; @@ -962,8 +985,12 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_level = (u4_level - (u4_level_first_byte << 1)); } u4_numCoeffs += u4_run; + if (u4_numCoeffs >= NUM_COEFFS) + { + return IMPEG2D_MB_TEX_DECODE_ERR; + } - u4_pos = pu1_scan[u4_numCoeffs++ & 63]; + u4_pos = pu1_scan[u4_numCoeffs++]; pu1_pos[*pi4_num_coeffs] = u4_pos; pi2_outAddr[*pi4_num_coeffs] = u4_level; @@ -974,10 +1001,6 @@ IMPEG2D_ERROR_CODES_T impeg2d_vld_decode( u4_nz_cols |= 1 << (u4_pos & 0x7); u4_nz_rows |= 1 << (u4_pos >> 0x3); - if (u4_numCoeffs > 64) - { - return IMPEG2D_MB_TEX_DECODE_ERR; - } } |