On Mon, Jan 6, 2014 at 8:36 AM, Anton Khirnov <[email protected]> wrote: > An invalid VUI is not considered a fatal error, so the SPS containing it > may still be used. Leaving an invalid value of num_reorder_frames there > can result in writing over the bounds of H264Context.delayed_pic. > > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC:[email protected] > --- > libavcodec/h264_ps.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c > index 9eb252d..b5feff2 100644 > --- a/libavcodec/h264_ps.c > +++ b/libavcodec/h264_ps.c > @@ -223,6 +223,7 @@ static inline int decode_vui_parameters(H264Context *h, > SPS *sps) > > if (sps->num_reorder_frames > 16U > /* max_dec_frame_buffering || max_dec_frame_buffering > 16 */) { > + sps->num_reorder_frames = 16; > av_log(h->avctx, AV_LOG_ERROR, > "illegal num_reorder_frames %d\n", > sps->num_reorder_frames); > return AVERROR_INVALIDDATA;
I'd move the error message after the initialization and mention that we clip it. This is so that log contains the real decoded value and also because 16 is actually a legal value. Extra bonus points if you comment that that 16 corresponds to MaxDpbFrames. Vittorio _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
