Snap for 4444158 from 8c15f7efd1e85ac70c64ffc103eb87362334d48a to oreo-cts-release

Change-Id: Id046211ebdff3ffc12d6e20d55b8f8ebaf08ff49
diff --git a/decoder/ih264d_api.c b/decoder/ih264d_api.c
index c5dd9c4..0341389 100644
--- a/decoder/ih264d_api.c
+++ b/decoder/ih264d_api.c
@@ -1804,7 +1804,8 @@
                     && ps_dec->i4_decode_header == 0)
     {
         UWORD32 i;
-        if(ps_dec->ps_out_buffer->u4_num_bufs == 0)
+        if((ps_dec->ps_out_buffer->u4_num_bufs == 0) ||
+           (ps_dec->ps_out_buffer->u4_num_bufs > IVD_VIDDEC_MAX_IO_BUFFERS))
         {
             ps_dec_op->u4_error_code |= 1 << IVD_UNSUPPORTEDPARAM;
             ps_dec_op->u4_error_code |= IVD_DISP_FRM_ZERO_OP_BUFS;
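Review bot: The new upper-bound branch on `u4_num_bufs` reports the same `IVD_DISP_FRM_ZERO_OP_BUFS` code as the zero case, so a caller that passes too many buffers is told it passed none. If the API has no separate code for an oversized count, a comment on the condition would at least record the intent, e.g. `/* caller-supplied count: reject 0 and anything above IVD_VIDDEC_MAX_IO_BUFFERS before it is used as a loop bound */`. The code that consumes the count is outside the hunk, so its use as a loop bound (suggested by the `UWORD32 i;` declaration) should be confirmed.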
@@ -2247,7 +2248,7 @@
     }
     while(( header_data_left == 1)||(frame_data_left == 1));
 
-    if((ps_dec->u4_slice_start_code_found == 1)
+    if((ps_dec->u4_pic_buf_got == 1)
             && (ret != IVD_MEM_ALLOC_FAILED)
             && ps_dec->u2_total_mbs_coded < ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)
     {
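Review bot: The switch from `u4_slice_start_code_found` to `u4_pic_buf_got` in this condition and in the `@@ -2389,7 +2390,7 @@` hunk is not explained in the code, and the two flags are easy to mistake for synonyms. Presumably the paths that follow operate on the current picture buffer, so they need to be gated on a buffer having been obtained rather than on a start code having been seen in the stream. A one-line comment above each condition, e.g. `/* only process the current picture if a picture buffer was actually acquired */`, would keep the gate from being reverted later. Both `if` bodies continue outside their hunks.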
@@ -2389,7 +2390,7 @@
 
     }
 
-    if((ps_dec->u4_slice_start_code_found == 1)
+    if((ps_dec->u4_pic_buf_got == 1)
                     && (ERROR_DANGLING_FIELD_IN_PIC != i4_err_status))
     {
         /*
@@ -2415,8 +2416,7 @@
         /* if new frame in not found (if we are still getting slices from previous frame)
          * ih264d_deblock_display is not called. Such frames will not be added to reference /display
          */
-        if (((ps_dec->ps_dec_err_status->u1_err_flag & REJECT_CUR_PIC) == 0)
-                && (ps_dec->u4_pic_buf_got == 1))
+        if ((ps_dec->ps_dec_err_status->u1_err_flag & REJECT_CUR_PIC) == 0)
         {
             /* Calling Function to deblock Picture and Display */
             ret = ih264d_deblock_display(ps_dec);
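Review bot: With the inner `u4_pic_buf_got` test removed, the call to `ih264d_deblock_display` relies on the enclosing condition (apparently the one changed in the previous hunk) to guarantee that a picture buffer exists, and nothing on these lines says so. I would extend the retained comment with something like `/* u4_pic_buf_got == 1 is guaranteed by the enclosing if */` so that a later edit to the outer condition does not silently drop the check. The enclosing block starts outside this hunk, so the nesting should be confirmed.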
diff --git a/decoder/ih264d_parse_bslice.c b/decoder/ih264d_parse_bslice.c
index db64ce9..f087f8d 100644
--- a/decoder/ih264d_parse_bslice.c
+++ b/decoder/ih264d_parse_bslice.c
@@ -1197,7 +1197,8 @@
     struct pic_buffer_t *ps_pic_buff0, *ps_pic_buff1;
     WORD16 i2_dist_scale_factor;
     WORD16 i16_tb, i16_td, i16_tx;
-    UWORD32 u4_poc0, u4_poc1;
+    WORD32 i4_tb, i4_td;
+    WORD32 i4_poc0, i4_poc1;
     UWORD32 ui_temp0, ui_temp1;
     UWORD8 uc_num_ref_idx_l0_active, uc_num_ref_idx_l1_active;
 
@@ -1210,18 +1211,18 @@
     for(i = 0; i < uc_num_ref_idx_l0_active; i++)
     {
         ps_pic_buff0 = ps_dec->ps_ref_pic_buf_lx[0][i];
-        u4_poc0 = ps_pic_buff0->i4_avg_poc;
+        i4_poc0 = ps_pic_buff0->i4_avg_poc;
         for(j = 0; j < uc_num_ref_idx_l1_active; j++)
         {
             ps_pic_buff1 = ps_dec->ps_ref_pic_buf_lx[1][j];
-            u4_poc1 = ps_pic_buff1->i4_avg_poc;
+            i4_poc1 = ps_pic_buff1->i4_avg_poc;
 
-            if(u4_poc1 != u4_poc0)
+            if(i4_poc1 != i4_poc0)
             {
-                i16_tb = ps_dec->ps_cur_pic->i4_poc - u4_poc0;
-                i16_tb = CLIP3(-128, 127, i16_tb);
-                i16_td = u4_poc1 - u4_poc0;
-                i16_td = CLIP3(-128, 127, i16_td);
+                i4_tb = ps_dec->ps_cur_pic->i4_poc - i4_poc0;
+                i16_tb = CLIP3(-128, 127, i4_tb);
+                i4_td = i4_poc1 - i4_poc0;
+                i16_td = CLIP3(-128, 127, i4_td);
                 i16_tx = (16384 + ABS(SIGN_POW2_DIV(i16_td, 1))) / i16_td;
                 i2_dist_scale_factor = CLIP3(-1024, 1023,
                                             (((i16_tb * i16_tx) + 32) >> 6));
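Review bot: `i4_tb = ps_dec->ps_cur_pic->i4_poc - i4_poc0;` and `i4_td = i4_poc1 - i4_poc0;` are now signed 32-bit subtractions, which overflow (undefined behaviour) if POC values from a non-conforming stream are far enough apart; the old unsigned form at least wrapped. If the POCs are not range-checked before this function, compute each difference in a 64-bit signed intermediate and pass that to `CLIP3`. It is also worth recording why the clip moved, e.g. `/* clip the full-width difference before narrowing: a truncated td could be 0, and td is the divisor below */`. The same applies to the second loop in the `@@ -1285,13 +1286,13 @@` hunk.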
@@ -1272,7 +1273,7 @@
                     u2_l0_idx += MAX_REF_BUFS;
                 }
                 ps_pic_buff0 = ps_dec->ps_ref_pic_buf_lx[0][u2_l0_idx];
-                u4_poc0 = ps_pic_buff0->i4_poc;
+                i4_poc0 = ps_pic_buff0->i4_poc;
                 for(j = 0; j < (uc_num_ref_idx_l1_active << 1); j++)
                 {
                     UWORD16 u2_l1_idx;
@@ -1285,13 +1286,13 @@
                         u2_l1_idx += MAX_REF_BUFS;
                     }
                     ps_pic_buff1 = ps_dec->ps_ref_pic_buf_lx[1][u2_l1_idx];
-                    u4_poc1 = ps_pic_buff1->i4_poc;
-                    if(u4_poc1 != u4_poc0)
+                    i4_poc1 = ps_pic_buff1->i4_poc;
+                    if(i4_poc1 != i4_poc0)
                     {
-                        i16_tb = i4_cur_poc - u4_poc0;
-                        i16_tb = CLIP3(-128, 127, i16_tb);
-                        i16_td = u4_poc1 - u4_poc0;
-                        i16_td = CLIP3(-128, 127, i16_td);
+                        i4_tb = i4_cur_poc - i4_poc0;
+                        i16_tb = CLIP3(-128, 127, i4_tb);
+                        i4_td = i4_poc1 - i4_poc0;
+                        i16_td = CLIP3(-128, 127, i4_td);
                         i16_tx = (16384 + ABS(SIGN_POW2_DIV(i16_td, 1)))
                                         / i16_td;
                         i2_dist_scale_factor = CLIP3(
@@ -1398,7 +1399,8 @@
         {
             u1_max_ref_idx = MAX_FRAMES << 1;
         }
-        if((u4_temp > u1_max_ref_idx) || (ui_temp1 > u1_max_ref_idx))
+        if((u4_temp > u1_max_ref_idx) || (ui_temp1 > u1_max_ref_idx)
+                        || (u4_temp < 1) || (ui_temp1 < 1))
         {
             return ERROR_NUM_REF;
         }
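Review bot: `(u4_temp < 1)` and `(ui_temp1 < 1)` are zero tests on what the prefixes suggest are unsigned values, so `== 0` would state the intent more directly. The same goes for `u4_temp < 1` in the ih264d_parse_pslice.c hunk, which also omits the per-term parentheses used here. Judging by the `ERROR_NUM_REF` return, these are active reference counts, and a short comment such as `/* a count of 0 is rejected so later code always has at least one reference entry */` would say why the lower bound exists. That rationale is inferred, since the uses of the counts are outside the hunk.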
diff --git a/decoder/ih264d_parse_pslice.c b/decoder/ih264d_parse_pslice.c
index d6b0f23..9b9256b 100644
--- a/decoder/ih264d_parse_pslice.c
+++ b/decoder/ih264d_parse_pslice.c
@@ -1961,7 +1961,7 @@
 
 
         UWORD8 u1_max_ref_idx = MAX_FRAMES << u1_field_pic_flag;
-        if(u4_temp > u1_max_ref_idx)
+        if(u4_temp > u1_max_ref_idx || u4_temp < 1)
         {
             return ERROR_NUM_REF;
         }