Merge cherrypicks of [2315914, 2315916, 2315837, 2315963, 2315918, 2315814, 2315983, 2315964, 2316107, 2316086, 2316109, 2315977, 2316145, 2316016, 2316110, 2316221, 2316088, 2316210, 2316242, 2316222, 2316075, 2316076, 2316077, 2316089, 2316243, 2316183, 2316078, 2316112, 2316211, 2316149, 2316113, 2316212, 2316151, 2316215, 2316131, 2316115, 2316245, 2316216, 2316116, 2316217, 2316279, 2316186, 2316187, 2316246, 2316247, 2316249, 2316218, 2316092, 2316094, 2316323, 2316360, 2316379] into nyc-mr1-security-a-release

Change-Id: I0903eb2908560a590343b0a9a2ba74ce20d59611
diff --git a/decoder/ih264d_api.c b/decoder/ih264d_api.c
index 33fd11f..6940788 100644
--- a/decoder/ih264d_api.c
+++ b/decoder/ih264d_api.c
@@ -1409,9 +1409,8 @@
     pu1_buf += size / 2;
     ps_dec->ps_dpb_mgr->ps_init_dpb[1][0] = (struct pic_buffer_t *)pu1_buf;
 
-    size = (sizeof(UWORD32) * 3
-                        * (MAX_FRAMES * MAX_FRAMES))
-                        << 3;
+    size = (sizeof(UWORD32) * 2 * 3
+                        * ((MAX_FRAMES << 1) * (MAX_FRAMES << 1)) * 2);
     pv_buf = pf_aligned_alloc(pv_mem_ctxt, 128, size);
     RETURN_IF((NULL == pv_buf), IV_FAIL);
     ps_dec->pu4_mbaff_wt_mat = pv_buf;
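Review bot: The new size expression for `pu4_mbaff_wt_mat` is built from bare factors (`2 * 3`, `MAX_FRAMES << 1` twice, a trailing `* 2`) with no comment saying what each one stands for, so a reader cannot check it against the code that indexes the buffer. A short comment above the assignment would help, for example `/* <factor meanings, filled in by the author>: 2 x 3 x (2*MAX_FRAMES)^2 x 2 UWORD32 entries */`. The allocation is twice the size of the old `<< 3` form, so it is also worth confirming that every writer of this matrix uses the same bound; those writers are outside this hunk.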
@@ -2310,6 +2309,10 @@
                 ps_dec->u1_top_bottom_decoded |= TOP_FIELD_ONLY;
             }
         }
+        else
+        {
+                ps_dec->u1_top_bottom_decoded = TOP_FIELD_ONLY | BOT_FIELD_ONLY;
+        }
 
         /* if new frame in not found (if we are still getting slices from previous frame)
          * ih264d_deblock_display is not called. Such frames will not be added to reference /display
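Review bot: The assignment inside the added `else` is indented four columns deeper than its braces, and nothing explains why both field bits are set when the preceding `if` is not taken. Re-indent it to match the block and add a comment such as `/* not a field picture: mark both fields as decoded */` if that is the intent. The condition of the matching `if` starts above this hunk, so the wording should be checked against it.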
diff --git a/decoder/ih264d_dpb_mgr.c b/decoder/ih264d_dpb_mgr.c
index a75aeee..e02cc90 100644
--- a/decoder/ih264d_dpb_mgr.c
+++ b/decoder/ih264d_dpb_mgr.c
@@ -291,6 +291,8 @@
             ps_mov_node->s_bot_field.u1_reference_info = IS_LONG_TERM;
             ps_mov_node->s_top_field.u1_long_term_frame_idx = u4_lt_idx;
             ps_mov_node->s_bot_field.u1_long_term_frame_idx = u4_lt_idx;
+            u1_mark_bot_field_long_term = 1;
+            u1_mark_top_field_long_term = 1;
         }
 
         ps_mov_node->u1_lt_idx = u4_lt_idx; //Assign the LT index to the node
@@ -337,7 +339,7 @@
         /* Increment LT buf count only if new LT node inserted    */
         /* If Increment during top_field is done, don't increment */
         /* for bottom field, as both them are part of same pic.   */
-        if(!u1_mark_bot_field_long_term)
+        if(u1_mark_bot_field_long_term)
             ps_dpb_mgr->u1_num_lt_ref_bufs++;
 
     }
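Review bot: The comment above the `if` still describes the old logic ("If Increment during top_field is done, don't increment for bottom field"), while the new condition increments `u1_num_lt_ref_bufs` only when `u1_mark_bot_field_long_term` is set. Please update the comment to state the new rule, including what happens to the count when only the top field of a picture is marked long-term. With this condition that case appears never to be counted, though the code that sets the flags is only partly visible (the previous hunk sets both flags in one branch). No upper bound on `u1_num_lt_ref_bufs` is visible here; if none exists elsewhere in the function, a capacity check before the increment would be a cheap guard.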
diff --git a/decoder/ih264d_parse_headers.c b/decoder/ih264d_parse_headers.c
index 0bc4c3f..3807a14 100644
--- a/decoder/ih264d_parse_headers.c
+++ b/decoder/ih264d_parse_headers.c
@@ -361,11 +361,13 @@
         }
 
         /* read second_chroma_qp_index_offset syntax element */
-        ps_pps->i1_second_chroma_qp_index_offset = ih264d_sev(
+        i_temp = ih264d_sev(
                         pu4_bitstrm_ofst, pu4_bitstrm_buf);
 
-        if((ps_pps->i1_second_chroma_qp_index_offset + 12) > 24)
+        if((i_temp < -12) || (i_temp > 12))
             return ERROR_INV_RANGE_QP_T;
+
+        ps_pps->i1_second_chroma_qp_index_offset = i_temp;
     }
 
     /* In case bitstream read has exceeded the filled size, then
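Review bot: The new code validates the full-width `i_temp` before storing it, but nothing says why the temporary is needed, so a later clean-up could fold the read back into the narrow field. A comment above the `ih264d_sev` call would record the reason, for example `/* range-check before narrowing: an out-of-range value could wrap into [-12, 12] once stored in the i1_ field */`. The field's width is inferred from its `i1_` prefix, as its declaration is not in this hunk. Any other `ih264d_sev` result stored directly into a narrow PPS field above this hunk deserves the same pattern.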
diff --git a/decoder/ih264d_parse_islice.c b/decoder/ih264d_parse_islice.c
index 0312060..504b775 100644
--- a/decoder/ih264d_parse_islice.c
+++ b/decoder/ih264d_parse_islice.c
@@ -866,6 +866,8 @@
             ps_cur_deblk_mb->u1_mb_qp = ps_dec->u1_qp;
         }
 
+        uc_more_data_flag = MORE_RBSP_DATA(ps_bitstrm);
+
         if(u1_mbaff)
         {
             ih264d_update_mbaff_left_nnz(ps_dec, ps_cur_mb_info);
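Review bot: `uc_more_data_flag` is now read before the `if(u1_mbaff)` block and before `i2_cur_mb_addr++`, but no comment says which later code depends on the flag being known that early. A one-line comment such as `/* read here because the MBAFF handling below depends on whether the slice data ends at this MB */` would help, worded to match what the code after `ih264d_update_mbaff_left_nnz` actually does. The `if(u1_mbaff)` block continues past this hunk. The following hunk replaces the old assignment with an empty line, which leaves two consecutive blank lines.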
@@ -879,7 +881,7 @@
         /**************************************************************/
 
         i2_cur_mb_addr++;
-        uc_more_data_flag = MORE_RBSP_DATA(ps_bitstrm);
+
 
         /* Store the colocated information */
         {
@@ -1087,8 +1089,7 @@
             {
                 ih264d_update_mbaff_left_nnz(ps_dec, ps_cur_mb_info);
             }
-            /* Next macroblock information */
-            i2_cur_mb_addr++;
+
 
             if(ps_cur_mb_info->u1_topmb && u1_mbaff)
                 uc_more_data_flag = 1;
@@ -1099,6 +1100,16 @@
                 uc_more_data_flag = !uc_more_data_flag;
                 COPYTHECONTEXT("Decode Sliceterm",!uc_more_data_flag);
             }
+
+            if(u1_mbaff)
+            {
+                if(!uc_more_data_flag && (0 == (i2_cur_mb_addr & 1)))
+                {
+                    return ERROR_EOB_FLUSHBITS_T;
+                }
+            }
+            /* Next macroblock information */
+            i2_cur_mb_addr++;
             /* Store the colocated information */
             {
 
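Review bot: The new end-of-slice check returns `ERROR_EOB_FLUSHBITS_T` when the data ends on an even `i2_cur_mb_addr` in MBAFF mode, but it has no comment and spends two nested `if`s on a single condition. Consider `if(u1_mbaff && !uc_more_data_flag && (0 == (i2_cur_mb_addr & 1)))` with a comment like `/* MBAFF: slice data must not end after the first MB of a pair */`, assuming an even address is the top MB. The return happens before "Store the colocated information" and whatever follows it, so please confirm that the caller's error path copes with an MB that was parsed but not counted; that code is outside this hunk. The same block is added in ih264d_parse_pslice.c (hunk at -1019), and both files are left with a double blank line where `i2_cur_mb_addr++` used to be.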
diff --git a/decoder/ih264d_parse_pslice.c b/decoder/ih264d_parse_pslice.c
index ca3f80b..97ea27c 100644
--- a/decoder/ih264d_parse_pslice.c
+++ b/decoder/ih264d_parse_pslice.c
@@ -1006,8 +1006,7 @@
         {
             ih264d_update_mbaff_left_nnz(ps_dec, ps_cur_mb_info);
         }
-        /* Next macroblock information */
-        i2_cur_mb_addr++;
+
 
         if(ps_cur_mb_info->u1_topmb && u1_mbaff)
             uc_more_data_flag = 1;
@@ -1019,6 +1018,15 @@
             COPYTHECONTEXT("Decode Sliceterm",!uc_more_data_flag);
         }
 
+        if(u1_mbaff)
+        {
+            if(!uc_more_data_flag && (0 == (i2_cur_mb_addr & 1)))
+            {
+                return ERROR_EOB_FLUSHBITS_T;
+            }
+        }
+        /* Next macroblock information */
+        i2_cur_mb_addr++;
         u1_num_mbs++;
         u1_num_mbsNby2++;
         ps_parse_mb_data++;
@@ -1456,7 +1464,7 @@
     UWORD32 u1_inter_mb_type;
     UWORD32 u1_deblk_mb_type;
     UWORD16 u2_total_mbs_coded;
-    UWORD32 u1_mbaff = ps_slice->u1_mbaff_frame_flag;
+    UWORD32 u1_mbaff;
     parse_part_params_t *ps_part_info;
     WORD32 ret;
     UNUSED(u1_is_idr_slice);
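Review bot: `u1_mbaff` is now declared without an initializer and only assigned about 250 lines later (hunk at -1699), so any use in between that this commit did not convert would read an indeterminate value. Either give it a defined value at the declaration, `UWORD32 u1_mbaff = 0;`, or add a comment at the declaration stating that it must not be read before the late assignment. The two converted uses read `ps_dec->ps_cur_slice->u1_mbaff_frame_flag`, while the late assignment reads `ps_slice->u1_mbaff_frame_flag`. Whether `ps_slice` refers to the same object is not visible in these hunks and is worth a comment. The function body starts and ends outside the hunks shown.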
@@ -1579,7 +1587,7 @@
         {
             // Slice data corrupted
             // in the case of mbaff, conceal from the even mb.
-            if((u1_mbaff) && (ps_dec->u4_num_mbs_cur_nmb & 1))
+            if((ps_dec->ps_cur_slice->u1_mbaff_frame_flag) && (ps_dec->u4_num_mbs_cur_nmb & 1))
             {
                 ps_dec->u4_num_mbs_cur_nmb = ps_dec->u4_num_mbs_cur_nmb - 1;
                 ps_dec->u2_cur_mb_addr--;
@@ -1626,7 +1634,7 @@
 
                 u1_num_mbs_next = i2_pic_wdin_mbs - ps_dec->u2_mbx - 1;
                 u1_end_of_row = (!u1_num_mbs_next)
-                        && (!(u1_mbaff && (u1_num_mbs & 0x01)));
+                        && (!(ps_dec->ps_cur_slice->u1_mbaff_frame_flag && (u1_num_mbs & 0x01)));
                 u1_slice_end = 1;
                 u1_tfr_n_mb = 1;
                 ps_cur_mb_info->u1_end_of_slice = u1_slice_end;
@@ -1699,7 +1707,7 @@
         pu1_buf += size * ps_dec->u2_cur_slice_num;
         ps_dec->ps_parse_cur_slice->ppv_map_ref_idx_to_poc = (volatile void **)pu1_buf;
     }
-
+    u1_mbaff = ps_slice->u1_mbaff_frame_flag;
     ps_dec->ps_cur_slice->u2_first_mb_in_slice = ps_dec->u2_total_mbs_coded >> u1_mbaff;
     ps_dec->ps_cur_slice->i1_slice_alpha_c0_offset = 0;
     ps_dec->ps_cur_slice->i1_slice_beta_offset = 0;
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c
index f755970..7e0815f 100644
--- a/decoder/ih264d_parse_slice.c
+++ b/decoder/ih264d_parse_slice.c
@@ -1191,10 +1191,6 @@
     u1_nal_unit_type = SLICE_NAL;
     if(u1_is_idr_slice)
     {
-        if(0 == u1_field_pic_flag)
-        {
-            ps_dec->u1_top_bottom_decoded = TOP_FIELD_ONLY | BOT_FIELD_ONLY;
-        }
         u1_nal_unit_type = IDR_SLICE_NAL;
         u4_idr_pic_id = ih264d_uev(pu4_bitstrm_ofst,
                                    pu4_bitstrm_buf);
diff --git a/decoder/ih264d_process_bslice.c b/decoder/ih264d_process_bslice.c
index 4c5ee05..7784110 100644
--- a/decoder/ih264d_process_bslice.c
+++ b/decoder/ih264d_process_bslice.c
@@ -1494,7 +1494,7 @@
                 UWORD8 u1_i;
                 pic_buffer_t *ps_ref_pic;
 
-                ps_ref_pic = ps_dpb_mgr->ps_init_dpb[1][0] + MAX_REF_BUFS;
+                ps_ref_pic = ps_dpb_mgr->ps_init_dpb[0][0] + MAX_REF_BUFS;
 
                 if(NULL == ps_ref_pic->pu1_buf1)
                 {
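Review bot: Both reference-picture lookups now start from `ps_init_dpb[0][0]`, and this one adds `MAX_REF_BUFS` to it, but no comment describes the buffer layout that makes the pointer arithmetic valid. Please add a comment such as `/* <which entry of the init DPB array this selects, and why> */`. Please also confirm that `ps_init_dpb[0][0] + MAX_REF_BUFS` stays inside the allocation backing index 0; that allocation is in ih264d_api.c and only partly visible in this diff. The second change is in the hunk at -1521.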
@@ -1521,7 +1521,7 @@
             UWORD8 u1_i;
             pic_buffer_t *ps_ref_pic;
 
-            ps_ref_pic = ps_dpb_mgr->ps_init_dpb[1][0];
+            ps_ref_pic = ps_dpb_mgr->ps_init_dpb[0][0];
 
             if(NULL == ps_ref_pic->pu1_buf1)
             {
diff --git a/decoder/ih264d_process_intra_mb.c b/decoder/ih264d_process_intra_mb.c
index 279ff87..211d796 100644
--- a/decoder/ih264d_process_intra_mb.c
+++ b/decoder/ih264d_process_intra_mb.c
@@ -930,7 +930,9 @@
             }
         }
         {
-            UWORD8 au1_ngbr_pels[33];
+            /* Align the size to multiple of 8, so that SIMD functions
+               can read 64 bits at a time. Only 33 bytes are actaully used */
+            UWORD8 au1_ngbr_pels[40];
             /* Get neighbour pixels */
             /* left pels */
             if(u2_use_left_mb)
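Review bot: The padding bytes added to `au1_ngbr_pels` are never written, so the wide SIMD loads the comment mentions read indeterminate values, which is harmless only if every consumer discards them. Stating that assumption in the comment, or zero-initialising the array where the cost is acceptable (`UWORD8 au1_ngbr_pels[40] = {0};`), would make it explicit and keep memory checkers quiet. The comment says "Align the size", yet only the length is rounded up and nothing here fixes the array's alignment; "actaully" is also misspelt. The same applies to the 16- and 32-byte arrays in the hunks at -1175 and -1664.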
@@ -1175,7 +1177,9 @@
         /* Scan the sub-blocks in Raster Scan Order */
         for(u1_sub_mb_num = 0; u1_sub_mb_num < 16; u1_sub_mb_num++)
         {
-            UWORD8 au1_ngbr_pels[13];
+            /* Align the size to multiple of 8, so that SIMD functions
+               can read 64 bits at a time. Only 13 bytes are actaully used */
+            UWORD8 au1_ngbr_pels[16];
 
             u1_sub_blk_x = u1_sub_mb_num & 0x3;
             u1_sub_blk_y = u1_sub_mb_num >> 2;
@@ -1664,7 +1668,9 @@
             }
 
             {
-                UWORD8 au1_ngbr_pels[25];
+                /* Align the size to multiple of 8, so that SIMD functions
+                can read 64 bits at a time. Only 25 bytes are actaully used */
+                UWORD8 au1_ngbr_pels[32];
                 WORD32 ngbr_avail;
                 ngbr_avail = u1_is_left_sub_block << 0;
                 ngbr_avail |= u1_is_top_sub_block << 2;
diff --git a/decoder/ih264d_utils.c b/decoder/ih264d_utils.c
index 8d02d0e..c64ee8a 100644
--- a/decoder/ih264d_utils.c
+++ b/decoder/ih264d_utils.c
@@ -1873,6 +1873,7 @@
     size = sizeof(parse_pmbarams_t) * (ps_dec->u1_recon_mb_grp);
     pv_buf = ps_dec->pf_aligned_alloc(pv_mem_ctxt, 128, size);
     RETURN_IF((NULL == pv_buf), IV_FAIL);
+    memset(pv_buf, 0, size);
     ps_dec->ps_parse_mb_data = pv_buf;
 
     size = sizeof(parse_part_params_t)
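Review bot: The added `memset` zeroes the `ps_parse_mb_data` buffer right after allocation, but no comment names the reader that could otherwise see uninitialised entries. Add one, for example `/* zero so that entries not yet written by parsing are never read uninitialised */`, adjusted to the actual reader. The next allocation (`parse_part_params_t`) begins on the last line of this hunk, and whether it needs the same treatment is not visible here.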