Decoder: Fix in checking first_mb_in_slice
Also, increment slice header only if previous slice had atleast one MB
This is to ensure there is no out of bound read for streams with 1 MB, and
due to error 2 slices were being accessed.
Bug: 33982658
Change-Id: I5f1918c09e922ca39f495f6059dfea3fa1d49448
(cherry picked from commit ef27433ca86c4084f0cff3e284f9e799c3fdfbec)
diff --git a/decoder/ih264d_parse_pslice.c b/decoder/ih264d_parse_pslice.c
index 9d4e687..efb94ad 100644
--- a/decoder/ih264d_parse_pslice.c
+++ b/decoder/ih264d_parse_pslice.c
@@ -1661,11 +1661,15 @@
return 0;
}
- // Inserting new slice
- ps_dec->u2_cur_slice_num++;
- ps_dec->i2_prev_slice_mbx = ps_dec->u2_mbx;
- ps_dec->i2_prev_slice_mby = ps_dec->u2_mby;
- ps_dec->ps_parse_cur_slice++;
+ /* Inserting new slice only if the current slice has atleast 1 MB*/
+ if(ps_dec->ps_parse_cur_slice->u4_first_mb_in_slice <
+ (UWORD32)(ps_dec->u2_total_mbs_coded >> ps_slice->u1_mbaff_frame_flag))
+ {
+ ps_dec->i2_prev_slice_mbx = ps_dec->u2_mbx;
+ ps_dec->i2_prev_slice_mby = ps_dec->u2_mby;
+ ps_dec->u2_cur_slice_num++;
+ ps_dec->ps_parse_cur_slice++;
+ }
}
else
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c
index 80603c2..11a317b 100644
--- a/decoder/ih264d_parse_slice.c
+++ b/decoder/ih264d_parse_slice.c
@@ -1056,8 +1056,7 @@
/*we currently don not support ASO*/
if(((u2_first_mb_in_slice << ps_cur_slice->u1_mbaff_frame_flag)
- <= ps_dec->u2_cur_mb_addr) && (ps_dec->u2_cur_mb_addr != 0)
- && (ps_dec->u4_first_slice_in_pic != 0))
+ <= ps_dec->u2_cur_mb_addr) && (ps_dec->u4_first_slice_in_pic == 0))
{
return ERROR_CORRUPTED_SLICE;
}