ps_dec->u1_recon_mb_grp is twice the width in case of mbaff,
increasing relevant allocations accordingly.
Increased allocation of intra-prediction buffer to
include padding.
Bug: 64964675
Test: POC from bug report
Change-Id: Ic4a6151bb12ac1122c228220b9150b2a372aae21
Added an error check on the lower limit of u1_num_ref_idx_lx_active,
while parsing slice header. The minimum possible value is 1.
Bug: 64836894
Change-Id: I57056851fc135ed00f7a10af5c81eb560e9e12de
The difference between two 32 signed numbers was getting assigned
to 16 bits, leading to a divide by zero arithmetic execption.
Modified variable names to match their datatypes.
Bug: 65122447
Change-Id: I45ade1945f10b4d7660bd09fb564e60fd29d40dc
If all the slices in the current pic were invalid, then
the decoder would not have received a valid picture buffer
in the current call. In such cases there is no need to conceal or
deblock the picture.
Bug: 62896384
Test: run ASAN-enabled PoC before/after the patch
Change-Id: Ia7d979a78ae3f4fb443a1759c8e6cf8780565ad8
Merged-In: I3cf6e871592826f93b0dcd2b06fff80677bc8338
Since the maximum value of long term index is 255,
the loop control variable needs to be 32 bit.
Bug: 38448381
Test: ran POC before/after applying fix
Change-Id: Iae3ecff38d4a922bde10fde33f1cfcafd2ea2680
When the first frame is a B frame, the colocated picture
will now point to the current frame.
Test: run poc with and without this patch
Bug: 38115076
Change-Id: I48a8f128740551d6a9252931dafcf8c629ecad0d
The output buffer size given by the application, needs to be checked
in every process call. This is required in the case of resolution
change.
Bug: 36006815
Test: avcdec -i poc.bin
Change-Id: I16a92cdad23eb7b1e12c1a67c1b2599204f29249
Added an error check in the case of MMCO 6
(SET_LT_INDEX)
Bug: 38014992
Test: POC fails before / works after patch
Change-Id: I76e38a8e2ff0bab043b47f44f1f7b1d4fe60d416
(cherry picked from commit 9e4f0ce704)
The sps parameters used to detect change in
resolution/sps were incorrect. Made a fix to
use current sps from decoder context.
Bug: 38239864
Change-Id: I2d110e635ced32b3dc7f364e08a97d672fcbae37
(cherry picked from commit 8c6fe35f6d)
Postponed the initializations to decoder context
till the end of the parse sps function, after
all the error checks are done.
Bug: 37968755
Test: ran poc on ASAN-enabled build before/after
Change-Id: Ibee3383c28cede3edb68d2459565d6ce10683bbd
If resolution changes within a decode call,due to multiple
sps, the decoder hangs as the the application will
give the same data again in the next decode call. This
results in a hang. Fixed this by flaging an error,
when sps/resoultion changes within a process call.
Bug: 38487564
Test: ran POC on patched O-based system w/o hanging
Change-Id: I30095b2e8bf573c1a58a316a23b1a5e6a4af589b
Reference list needs to be initialized for every P/B
slice, to ensure colocated picture always points to a
valid picture buffer, even in the case of error.
Bug: 36279112
Change-Id: I051d7e725b0af209cc7bb333db8da3518adf78a0
Modifies how i4_header_decoded is decoder context is used, to ensure
that resolution change is detected even if PPS has not been decoded.
This retrofits parts of the below mentioned 'merged-in' commits
which solve this for mnc-dr and later versions of the library. The retrofit
required dropping portions that affected code introduced in a later baseline.
Bug: 35583675
Test: provided input file no longer hangs
Change-Id: I8fa30543759c5762b18e2380513e2ce616c858ef
Merged-In: I0d248212aaf6635f34a70ad36657416a0c623d32
Merged-In: Ifd21ebe1827d6d0c13018983c46c4301c2bb1669
Added an error check while parsing PPS syntax element
second_chroma_qp_index_offset.
Bug: 37207120
Change-Id: Icba6b7bcf5940505717ee61134ed801c221b6e26
Fixed initialization of flag u1_top_bottom_decoded
in decoder context. This flag indicates if top
field and botton field is decoded.
Bug: 36993291
Test: avcdec --input poc.h264 --output /dev/null
Change-Id: I9f8a2620683abd8b15e4780d76d4849394710716
The end of bistream error check was fixed for
odd number of macroblocks in Mbaff frames.
Bug: 37008096
Test: Ittiam-verified
Change-Id: I058d74a3c1d1511968c2b36802dfc5c102947919
Buffer allocation size for pred info was increased
in the case number reference frames equal to 1.
Bug: 36998372
Change-Id: I1f84a16703422109d40bed8436f35d0c2069c088
Initialize the buffer used to store inter mb info
(reference index, weights etc) to zero.
Bug: 36035683
Change-Id: Ie3ea4307de45813edd553b590df44323be46534f
Aligned the sizes of au1_ngbr_pels to ensure SSE42 functions do not
result in stack buffer overflow
Bug: 36490809
Change-Id: I0bfe493f94647046013759b3ec9db3c627ac471e
ps_dec->ps_cur_slice->u1_mbaff_frame_flag is updated in ih264d_start_of_pic().
So updated value should be used after calling ih264d_start_of_pic()
Bug: 33974623
Test: ran POC from bug
Change-Id: I0f1ff5e01ed39767f493f197791e51b0da74952f
(cherry picked from commit 3f6937a003)
In the case of error, initialize the new reference list1 with the first
picture in default list0 instead of default list1, as first picture in
list1 could still be invalid.
Bug: 36035074
Change-Id: I7ab493ee7a157cbefcd4da8389ff1ff899c16b7f
Increment number of long term reference buffers only when both top field
and bottom field have been set as long term.
[backport for M/N from master]
Bug: 35584425
Test: ran POC - no hang, no segfault.
Change-Id: I94e3857944da675eda38f8e1a9bd887f48bff524
(cherry picked from commit 6fa5df8811)
To handle some errors, first_slice_in_pic was being set to 2.
This is now cleaned up and first_slice_in_pic is set to 1 only once per pic.
This will ensure picture level initializations are done only once even in case
of error clips
Bug: 33717589
Bug: 33551775
Bug: 33716442
Bug: 33677995
Change-Id: If341436b3cbaa724017eedddd88c2e6fac36d8ba
ih264d_end_of_pic() was called after parsing slice of a new picture.
This is now being done at the end of decode of the current picture.
decode_gaps_in_frame_num which needs frame_num of new slice is now
done after decoding frame_num in new slice.
This helps in handling errors in picaff streams with gaps in frames
Bug: 33588051
Bug: 33641588
Bug: 34097231
Change-Id: I1a26e611aaa2c19e2043e05a210849bd21b22220
This is needed to decode streams with consecutive IDRs.
Bug: 34097231
Test: successful run of POC in security bug
Change-Id: Ib737a4ef4b8c5bb7a57c90292102dd28af0615fe
In case of MBAff streams, decoder processes two rows at a time,
this limits maximum supported width to 1920 for MBAff streams.
Bug: 33818508
Bug: 34013472
Change-Id: Iec2941f116cf3c36b63013a930319960023a3b42
[this is for mnc-dev only, not any other mnc-*-dev flavors;
there is a different patch for mnc-dr-dev, nyc-* and going forward]
After emulation prevention, data is written as an int,
so at least 3 additional bytes should be available.
And since bitstream functions read 8 bytes ahead, 8 extra bytes
should be available in the bitstream buffer.
Bug: 33934721
Test: Ittiam testing, POC in the bug no longer fails
Change-Id: I444ec6f85d01b0bade9f827e15c4b476779d6c69
