shithub: openh264

Download patch

ref: 928a7eac2aa03e085da007626a3526ccfc49ce13
parent: a5cabf0be455d93a2df5eb5341e7df21e58b8f6b
author: huili2 <huili2@cisco.com>
date: Wed Dec 3 15:26:00 EST 2014

fix crash issue of sliceskip and inf-loop in fmo

--- a/codec/decoder/core/inc/error_code.h
+++ b/codec/decoder/core/inc/error_code.h
@@ -154,6 +154,7 @@
 ERR_INFO_UNSUPPORTED_MGS,
 ERR_INFO_UNSUPPORTED_BIPRED,
 ERR_INFO_UNSUPPORTED_WP,
+ERR_INFO_UNSUPPORTED_SLICESKIP,
 
 ERR_INFO_FRAMES_LOST,
 ERR_INFO_DEPENDENCY_SPATIAL_LAYER_LOST,
--- a/codec/decoder/core/inc/slice.h
+++ b/codec/decoder/core/inc/slice.h
@@ -146,7 +146,6 @@
 SSliceHeader	sSliceHeader;
 PSubsetSps	pSubsetSps;
 
-uint32_t	uiNumMbsInSlice;
 uint32_t	uiDisableInterLayerDeblockingFilterIdc;
 int32_t		iInterLayerSliceAlphaC0Offset;
 int32_t		iInterLayerSliceBetaOffset;
--- a/codec/decoder/core/src/decode_slice.cpp
+++ b/codec/decoder/core/src/decode_slice.cpp
@@ -893,7 +893,7 @@
 int32_t WelsDecodeSlice (PWelsDecoderContext pCtx, bool bFirstSliceInLayer, PNalUnit pNalCur) {
   PDqLayer pCurLayer = pCtx->pCurDqLayer;
   PFmo pFmo = pCtx->pFmo;
-  int32_t i, iRet;
+  int32_t iRet;
   int32_t iNextMbXyIndex, iSliceIdc;
 
   PSlice pSlice = &pCurLayer->sLayerInfo.sSliceInLayer;
@@ -956,29 +956,6 @@
   pCurLayer->iMbX =  iMbX;
   pCurLayer->iMbY = iMbY;
   pCurLayer->iMbXyIndex = iNextMbXyIndex;
-
-  if (pSliceHeaderExt->bSliceSkipFlag == 1) {
-    for (i = 0; i < (int32_t)pSliceHeaderExt->uiNumMbsInSlice; i++) {
-      pCurLayer->pSliceIdc[iNextMbXyIndex] = iSliceIdc;
-
-
-      pCurLayer->pResidualPredFlag[iNextMbXyIndex] = 1;
-
-      if (pSliceHeaderExt->sSliceHeader.pPps->uiNumSliceGroups > 1) {
-        iNextMbXyIndex = FmoNextMb (pFmo, iNextMbXyIndex);
-      } else {
-        ++iNextMbXyIndex;
-      }
-
-      iMbX = iNextMbXyIndex % pCurLayer->iMbWidth;
-      iMbY = iNextMbXyIndex % pCurLayer->iMbHeight;
-
-      pCurLayer->iMbX =  iMbX;
-      pCurLayer->iMbY = iMbY;
-      pCurLayer->iMbXyIndex = iNextMbXyIndex;
-    }
-    return 0;
-  }
 
   do {
     if ((-1 == iNextMbXyIndex) || (iNextMbXyIndex >= kiCountNumMb)) {	// slice group boundary or end of a frame
--- a/codec/decoder/core/src/decoder_core.cpp
+++ b/codec/decoder/core/src/decoder_core.cpp
@@ -865,8 +865,8 @@
       WELS_READ_VERIFY (BsGetOneBit (pBs, &uiCode)); //slice_skip_flag
       pSliceHeadExt->bSliceSkipFlag	= !!uiCode;
       if (pSliceHeadExt->bSliceSkipFlag) {
-        WELS_READ_VERIFY (BsGetUe (pBs, &uiCode)); //num_mbs_in_slice_minus1
-        pSliceHeadExt->uiNumMbsInSlice	= 1 + uiCode;
+        WelsLog (pLogCtx, WELS_LOG_WARNING, "bSliceSkipFlag == 1 not supported.");
+        return GENERATE_ERROR_NO (ERR_LEVEL_SLICE_HEADER, ERR_INFO_UNSUPPORTED_SLICESKIP);
       } else {
         WELS_READ_VERIFY (BsGetOneBit (pBs, &uiCode)); //adaptive_base_mode_flag
         pSliceHeadExt->bAdaptiveBaseModeFlag	= !!uiCode;
--- a/codec/decoder/core/src/fmo.cpp
+++ b/codec/decoder/core/src/fmo.cpp
@@ -90,7 +90,7 @@
 static inline int32_t FmoGenerateMbAllocMapType1 (PFmo pFmo, PPps pPps, const int32_t kiMbWidth) {
   uint32_t uiNumSliceGroups = 0;
   int32_t iMbNum = 0;
-  int16_t i = 0;
+  int32_t i = 0;
   WELS_VERIFY_RETURN_IF (1, (NULL == pFmo || NULL == pPps))
   uiNumSliceGroups = pPps->uiNumSliceGroups;
   iMbNum			 = pFmo->iCountMbNum;