[FFmpeg-cvslog] r11216 - trunk/libavcodec/h264.c

heydowns subversion
Fri Dec 14 07:25:23 CET 2007


Author: heydowns
Date: Fri Dec 14 07:25:23 2007
New Revision: 11216

Log:
Ensure that our total reference frame count does not exceed the SPS 
max frame count, which is limited to less than the size of the
reference buffers, thereby preventing overflow.
Part of fix for issue 281.


Modified:
   trunk/libavcodec/h264.c

Modified: trunk/libavcodec/h264.c
==============================================================================
--- trunk/libavcodec/h264.c	(original)
+++ trunk/libavcodec/h264.c	Fri Dec 14 07:25:23 2007
@@ -3612,6 +3612,29 @@ static int execute_ref_pic_marking(H264C
         s->current_picture_ptr->reference |= s->picture_structure;
     }
 
+    if (h->sps.ref_frame_count &&
+            h->long_ref_count + h->short_ref_count == h->sps.ref_frame_count){
+
+        /* We have too many reference frames, probably due to corrupted
+         * stream. Need to discard one frame. Prevents overrun of the
+         * short_ref and long_ref buffers.
+         */
+        av_log(h->s.avctx, AV_LOG_ERROR,
+               "number of reference frames exceeds max (probably "
+               "corrupt input), discarding one\n");
+
+        if (h->long_ref_count) {
+            for (i = 0; i < 16; ++i)
+                if (h->long_ref[i])
+                    break;
+
+            assert(i < 16);
+            remove_long_at_index(h, i);
+        } else {
+            remove_short_at_index(h, h->short_ref_count - 1);
+        }
+    }
+
     print_short_term(h);
     print_long_term(h);
     return 0;




More information about the ffmpeg-cvslog mailing list