From f777504f640260337974848c7d5d7a3f064bbb45 Mon Sep 17 00:00:00 2001 From: Vittorio Giovara Date: Thu, 20 Feb 2014 02:38:32 +0100 Subject: [PATCH] h264: Lower bound check for slice offsets And use the value from the specification. Sample-Id: 00000451-google Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato --- libavcodec/h264.c | 18 ++++++++++-------- libavcodec/h264_loopfilter.c | 8 ++++---- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 9cc32e9dec..7a81a71426 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3840,8 +3840,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0) get_se_golomb(&h->gb); /* slice_qs_delta */ h->deblocking_filter = 1; - h->slice_alpha_c0_offset = 52; - h->slice_beta_offset = 52; + h->slice_alpha_c0_offset = 0; + h->slice_beta_offset = 0; if (h->pps.deblocking_filter_parameters_present) { tmp = get_ue_golomb_31(&h->gb); if (tmp > 2) { @@ -3854,10 +3854,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h->deblocking_filter ^= 1; // 1<->0 if (h->deblocking_filter) { - h->slice_alpha_c0_offset += get_se_golomb(&h->gb) << 1; - h->slice_beta_offset += get_se_golomb(&h->gb) << 1; - if (h->slice_alpha_c0_offset > 104U || - h->slice_beta_offset > 104U) { + h->slice_alpha_c0_offset = get_se_golomb(&h->gb) * 2; + h->slice_beta_offset = get_se_golomb(&h->gb) * 2; + if (h->slice_alpha_c0_offset > 12 || + h->slice_alpha_c0_offset < -12 || + h->slice_beta_offset > 12 || + h->slice_beta_offset < -12) { av_log(h->avctx, AV_LOG_ERROR, "deblocking filter parameters %d %d out of range\n", h->slice_alpha_c0_offset, h->slice_beta_offset); @@ -3894,7 +3896,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } } } - h->qp_thresh = 15 + 52 - + h->qp_thresh = 15 + FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset) - FFMAX3(0, h->pps.chroma_qp_index_offset[0], @@ -3956,7 +3958,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h->ref_count[0], h->ref_count[1], h->qscale, h->deblocking_filter, - h->slice_alpha_c0_offset / 2 - 26, h->slice_beta_offset / 2 - 26, + h->slice_alpha_c0_offset, h->slice_beta_offset, h->use_weight, h->use_weight == 1 && h->use_weight_chroma ? "c" : "", h->slice_type == AV_PICTURE_TYPE_B ? (h->direct_spatial_mv_pred ? "SPAT" : "TEMP") : ""); diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index b8bf555bc1..88ed34cc1e 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c @@ -252,8 +252,8 @@ static av_always_inline void h264_filter_mb_fast_internal(H264Context *h, int top_type= h->top_type; int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8); - int a = h->slice_alpha_c0_offset - qp_bd_offset; - int b = h->slice_beta_offset - qp_bd_offset; + int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset; + int b = 52 + h->slice_beta_offset - qp_bd_offset; int mb_type = h->cur_pic.mb_type[mb_xy]; int qp = h->cur_pic.qscale_table[mb_xy]; @@ -707,8 +707,8 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint av_unused int dir; int chroma = !(CONFIG_GRAY && (h->flags&CODEC_FLAG_GRAY)); int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8); - int a = h->slice_alpha_c0_offset - qp_bd_offset; - int b = h->slice_beta_offset - qp_bd_offset; + int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset; + int b = 52 + h->slice_beta_offset - qp_bd_offset; if (FRAME_MBAFF(h) // and current and left pair do not have the same interlaced type