Aligned the sizes of au1_ngbr_pels to ensure SSE42 functions do not
result in stack buffer overflow
Bug: 36490809
Change-Id: I0bfe493f94647046013759b3ec9db3c627ac471e
ps_dec->ps_cur_slice->u1_mbaff_frame_flag is updated in ih264d_start_of_pic().
So updated value should be used after calling ih264d_start_of_pic()
Bug: 33974623
Test: ran POC from bug
Change-Id: I0f1ff5e01ed39767f493f197791e51b0da74952f
(cherry picked from commit 3f6937a003)
In the case of error, initialize the new reference list1 with the first
picture in default list0 instead of default list1, as first picture in
list1 could still be invalid.
Bug: 36035074
Change-Id: I7ab493ee7a157cbefcd4da8389ff1ff899c16b7f
Increment number of long term reference buffers only when both top field
and bottom field have been set as long term.
[backport for M/N from master]
Bug: 35584425
Test: ran POC - no hang, no segfault.
Change-Id: I94e3857944da675eda38f8e1a9bd887f48bff524
(cherry picked from commit 6fa5df8811)
To handle some errors, first_slice_in_pic was being set to 2.
This is now cleaned up and first_slice_in_pic is set to 1 only once per pic.
This will ensure picture level initializations are done only once even in case
of error clips
Bug: 33717589
Bug: 33551775
Bug: 33716442
Bug: 33677995
Change-Id: If341436b3cbaa724017eedddd88c2e6fac36d8ba
ih264d_end_of_pic() was called after parsing slice of a new picture.
This is now being done at the end of decode of the current picture.
decode_gaps_in_frame_num which needs frame_num of new slice is now
done after decoding frame_num in new slice.
This helps in handling errors in picaff streams with gaps in frames
Bug: 33588051
Bug: 33641588
Bug: 34097231
Change-Id: I1a26e611aaa2c19e2043e05a210849bd21b22220
This is needed to decode streams with consecutive IDRs.
Bug: 34097231
Test: successful run of POC in security bug
Change-Id: Ib737a4ef4b8c5bb7a57c90292102dd28af0615fe
In case of MBAff streams, decoder processes two rows at a time,
this limits maximum supported width to 1920 for MBAff streams.
Bug: 33818508
Bug: 34013472
Change-Id: Iec2941f116cf3c36b63013a930319960023a3b42
[this is for mnc-dev only, not any other mnc-*-dev flavors;
there is a different patch for mnc-dr-dev, nyc-* and going forward]
After emulation prevention, data is written as an int,
so at least 3 additional bytes should be available.
And since bitstream functions read 8 bytes ahead, 8 extra bytes
should be available in the bitstream buffer.
Bug: 33934721
Test: Ittiam testing, POC in the bug no longer fails
Change-Id: I444ec6f85d01b0bade9f827e15c4b476779d6c69
Reference buffer is now initialized to default value for
each pic before decoding the first slice in the pic
Bug: 34097866
Change-Id: Id64b123af2188217ce833f11db0e6c0681d41dfd
In case of MBAFF streams, slices should terminate on
even MB boundary. If bytes are exhausted with odd number
of MBs decoded for MBAff, then treat that as error.
Bug: 33933140
Change-Id: Ifc26b66ff8ebdb3aec5c0d6c512e4cac3f54c5b7
[for mnc-dr-dev and later; mnc-dev gets a different patch]
After emulation prevention, data is written as an int,
so at least 3 additional bytes should be available.
And since bitstream functions read 8 bytes ahead, 8 extra bytes
should be available in the bitstream buffer.
Bug: 33934721
Change-Id: I444ec6f85d01b0bade9f827e15c4b476779d6c69
Also, increment slice header only if previous slice had atleast one MB
This is to ensure there is no out of bound read for streams with 1 MB, and
due to error 2 slices were being accessed.
Bug: 33982658
Change-Id: I5f1918c09e922ca39f495f6059dfea3fa1d49448
When the input does not contain PPS and decoder is in header decode
mode, decoder was entering an infinite loop.
Bug: 33621215
(cherry picked from commit 33e1b190d6db09bd72a9f0f51acef4b14eabd6ff)
