shithub: openh264

Download patch

ref: a921bc6589620e0e1dbd6d7d3e6eb09f505595db
parent: 205e48c766fef40b7717dde76b08277d3ec14b72
parent: 7bace8406eefd5ad172300d1bcaa953e1c31a7c5
author: Licai Guo <licaguo@cisco.com>
date: Thu Feb 20 06:19:57 EST 2014 

Merge pull request #320 from huili2/mb_residual_size_check

remain size to prevent MB residual reading overflow


--- a/codec/decoder/core/inc/wels_const.h
+++ b/codec/decoder/core/inc/wels_const.h
@@ -93,6 +93,7 @@
 
 #define MAX_NAL_UNIT_NUM_IN_AU	32	// predefined maximal number of NAL Units in an access unit
 #define MAX_ACCESS_UNIT_CAPACITY	1048576	// Maximal AU capacity in bytes: (1<<20) = 1024 KB predefined
+#define MAX_MACROBLOCK_CAPACITY 5000 //Maximal legal MB capacity, 15000 bits is enough
 
 enum {
   BASE_MB = 0,
--- a/codec/decoder/plus/src/welsDecoderExt.cpp
+++ b/codec/decoder/plus/src/welsDecoderExt.cpp
@@ -322,7 +322,7 @@
     const int kiSrcLen,
     void** ppDst,
     SBufferInfo* pDstInfo) {
-  if (kiSrcLen > MAX_ACCESS_UNIT_CAPACITY) {
+  if (kiSrcLen > MAX_ACCESS_UNIT_CAPACITY - MAX_MACROBLOCK_CAPACITY) {//prevent from residual reading overflow
     m_pDecContext->iErrorCode |= dsOutOfMemory;
     IWelsTrace::WelsVTrace (m_pTrace, IWelsTrace::WELS_LOG_INFO,
       "max AU size exceeded. Allowed size = %d, current size = %d",