h264: Lower bound check for slice offsets
authorVittorio Giovara <vittorio.giovara@gmail.com>
Thu, 20 Feb 2014 01:38:32 +0000 (02:38 +0100)
committerReinhard Tartler <siretart@tauware.de>
Sat, 1 Mar 2014 04:05:53 +0000 (23:05 -0500)
And use the value from the specification.

Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit f777504f640260337974848c7d5d7a3f064bbb45)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)

Conflicts:
libavcodec/h264.c

libavcodec/h264.c
libavcodec/h264_loopfilter.c

index b256969..03c1d07 100644 (file)
@@ -3157,8 +3157,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
         get_se_golomb(&s->gb); /* slice_qs_delta */
 
     h->deblocking_filter     = 1;
-    h->slice_alpha_c0_offset = 52;
-    h->slice_beta_offset     = 52;
+    h->slice_alpha_c0_offset = 0;
+    h->slice_beta_offset     = 0;
     if (h->pps.deblocking_filter_parameters_present) {
         tmp = get_ue_golomb_31(&s->gb);
         if (tmp > 2) {
@@ -3171,10 +3171,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
             h->deblocking_filter ^= 1;  // 1<->0
 
         if (h->deblocking_filter) {
-            h->slice_alpha_c0_offset += get_se_golomb(&s->gb) << 1;
-            h->slice_beta_offset     += get_se_golomb(&s->gb) << 1;
-            if (h->slice_alpha_c0_offset > 104U ||
-                h->slice_beta_offset     > 104U) {
+            h->slice_alpha_c0_offset = get_se_golomb(&s->gb) * 2;
+            h->slice_beta_offset     = get_se_golomb(&s->gb) * 2;
+            if (h->slice_alpha_c0_offset >  12 ||
+                h->slice_alpha_c0_offset < -12 ||
+                h->slice_beta_offset >  12     ||
+                h->slice_beta_offset < -12) {
                 av_log(s->avctx, AV_LOG_ERROR,
                        "deblocking filter parameters %d %d out of range\n",
                        h->slice_alpha_c0_offset, h->slice_beta_offset);
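Review bot: Both offsets are written into the context at `h->slice_alpha_c0_offset = get_se_golomb(&s->gb) * 2;` before the range check runs, so on the error path `h` still holds the rejected values. The doubling is also applied to an unchecked integer, which could overflow a signed int if get_se_golomb() can return a magnitude above INT_MAX / 2 (its range is not visible here). Reading the two syntax elements into locals, comparing them against the specification range of -6..6, and storing the doubled value only after the check keeps unvalidated bitstream data out of state that the loop filter later reads. The error branch continues past the end of the hunk, so whether it returns is not visible; the sketch logs the raw syntax elements rather than the doubled ones.

```c
        if (h->deblocking_filter) {
            int alpha_div2 = get_se_golomb(&s->gb);
            int beta_div2  = get_se_golomb(&s->gb);
            if (alpha_div2 < -6 || alpha_div2 > 6 ||
                beta_div2  < -6 || beta_div2  > 6) {
                av_log(s->avctx, AV_LOG_ERROR,
                       "deblocking filter parameters %d %d out of range\n",
                       alpha_div2, beta_div2);
                /* … unchanged: rest of the error branch, outside the hunk … */
            /* once the error branch is closed, store the validated values: */
            h->slice_alpha_c0_offset = alpha_div2 * 2;
            h->slice_beta_offset     = beta_div2 * 2;
```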
@@ -3211,7 +3213,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
             }
         }
     }
-    h->qp_thresh = 15 + 52 -
+    h->qp_thresh = 15 +
                    FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset) -
                    FFMAX3(0,
                           h->pps.chroma_qp_index_offset[0],
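Review bot: The sign in front of `FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset)` looks inverted in the new `qp_thresh` expression. Before this change the fields held 52 plus the doubled syntax element, so `15 + 52 - FFMIN(...)` evaluated to 15 minus the smaller doubled offset; with the 52 bias removed from the fields, the equivalent line is `h->qp_thresh = 15 -`, not `15 +`. As written the threshold moves in the opposite direction for any non-zero offset, which presumably changes which macroblocks skip deblocking. The commit's Conflicts note for libavcodec/h264.c suggests this line may have been resolved by hand during the cherry-pick. The expression continues past the end of the hunk.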
@@ -3280,7 +3282,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
                h->ref_count[0], h->ref_count[1],
                s->qscale,
                h->deblocking_filter,
-               h->slice_alpha_c0_offset / 2 - 26, h->slice_beta_offset / 2 - 26,
+               h->slice_alpha_c0_offset, h->slice_beta_offset,
                h->use_weight,
                h->use_weight == 1 && h->use_weight_chroma ? "c" : "",
                h->slice_type == AV_PICTURE_TYPE_B ? (h->direct_spatial_mv_pred ? "SPAT" : "TEMP") : "");
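Review bot: The debug line now prints a different quantity than before: `h->slice_alpha_c0_offset / 2 - 26` was the coded syntax element, while the new arguments print the doubled offset. If the log is meant to stay comparable with older output or with the bitstream fields, pass `h->slice_alpha_c0_offset / 2, h->slice_beta_offset / 2`. Otherwise a short comment at the format string saying that the values are the doubled offsets would avoid confusion. The av_log call starts outside the hunk.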
index b045d23..4417d79 100644 (file)
@@ -254,8 +254,8 @@ static av_always_inline void h264_filter_mb_fast_internal(H264Context *h,
     int top_type= h->top_type;
 
     int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8);
-    int a = h->slice_alpha_c0_offset - qp_bd_offset;
-    int b = h->slice_beta_offset - qp_bd_offset;
+    int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset;
+    int b = 52 + h->slice_beta_offset - qp_bd_offset;
 
     int mb_type = s->current_picture.f.mb_type[mb_xy];
     int qp      = s->current_picture.f.qscale_table[mb_xy];
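Review bot: `a` and `b` now depend on an invariant that is established in another file, and nothing here records it. A comment above `int a = 52 + ...` such as `/* slice_*_offset is range-checked to [-12, 12] in decode_slice_header(); 52 re-biases it for the alpha/beta lookups */` would tell a reader why no bound check is needed at this point. How `a` and `b` are used is outside the hunk, so the lookup wording should be confirmed. The same two lines and the same comment apply to ff_h264_filter_mb() in the next hunk. Since the literal 52 now appears in both functions, a named constant shared by them would keep the two sites in step.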
@@ -711,8 +711,8 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint
     av_unused int dir;
     int chroma = !(CONFIG_GRAY && (s->flags&CODEC_FLAG_GRAY));
     int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8);
-    int a = h->slice_alpha_c0_offset - qp_bd_offset;
-    int b = h->slice_beta_offset - qp_bd_offset;
+    int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset;
+    int b = 52 + h->slice_beta_offset - qp_bd_offset;
 
     if (FRAME_MBAFF
             // and current and left pair do not have the same interlaced type