ref: 9f0ed3fc4bb7ae79194b57563f9caa0795ba718d
parent: 6f876d79a6e2238056d001e3611bcc8d8d3dc2ac
author: huili2 <huili2@cisco.com>
date: Tue Dec 16 13:13:21 EST 2014
add check for cabac_init_idc range in parsing
--- a/codec/decoder/core/inc/error_code.h
+++ b/codec/decoder/core/inc/error_code.h
@@ -117,6 +117,7 @@
ERR_INFO_INVALID_SLICE_BETA_OFFSET_DIV2,
ERR_INFO_FMO_INIT_FAIL,
ERR_INFO_SLICE_TYPE_OVERFLOW,
+ERR_INFO_INVALID_CABAC_INIT_IDC,
ERR_INFO_INVALID_QP,
ERR_INFO_INVALID_PIC_INIT_QS,
ERR_INFO_INVALID_CHROMA_QP_INDEX_OFFSET,
--- a/codec/decoder/core/src/decoder_core.cpp
+++ b/codec/decoder/core/src/decoder_core.cpp
@@ -469,6 +469,7 @@
#define SLICE_HEADER_INTER_LAYER_ALPHAC0_BETA_OFFSET_MIN -12
#define SLICE_HEADER_INTER_LAYER_ALPHAC0_BETA_OFFSET_MAX 12
#define MAX_NUM_REF_IDX_L0_ACTIVE_MINUS1 15
+#define SLICE_HEADER_CABAC_INIT_IDC_MAX 2
/*
* decode_slice_header_avc
* Parse slice header of bitstream in avc for storing data structure
@@ -729,6 +730,8 @@
if (pSliceHead->eSliceType != I_SLICE && pSliceHead->eSliceType != SI_SLICE) {WELS_READ_VERIFY (BsGetUe (pBs, &uiCode));
pSliceHead->iCabacInitIdc = uiCode;
+ WELS_CHECK_SE_UPPER_ERROR (pSliceHead->iCabacInitIdc, SLICE_HEADER_CABAC_INIT_IDC_MAX, "cabac_init_idc",
+ ERR_INFO_INVALID_CABAC_INIT_IDC);
} else
pSliceHead->iCabacInitIdc = 0;
}