Merge cherrypicks of [2310196, 2310339, 2310340, 2310175, 2310320, 2310321, 2310322, 2310323, 2310217, 2310311, 2310349, 2310313, 2310331, 2310314, 2310286, 2310368, 2310383, 2310272, 2310439, 2310317, 2310318, 2310370, 2310352, 2310459, 2310287, 2310384, 2310237, 2310422, 2310440, 2310372, 2310289, 2310374, 2310355, 2310461, 2310423, 2310375, 2310376, 2310385, 2310386, 2310275, 2310462, 2310442, 2310443, 2310539, 2310378, 2310445, 2310238, 2310446, 2310540, 2310335, 2310582, 2310454, 2310659, 2310392, 2310393, 2310437, 2310679, 2310626] into nyc-mr2-release

Change-Id: I6065592adb269154af3b473ae8861f621ef40f8b
diff --git a/decoder/ihevcd_parse_headers.c b/decoder/ihevcd_parse_headers.c
index b560a39..c0f1564 100644
--- a/decoder/ihevcd_parse_headers.c
+++ b/decoder/ihevcd_parse_headers.c
@@ -644,6 +644,9 @@
         if(!ps_hrd->au1_low_delay_hrd_flag[i])
             UEV_PARSE("cpb_cnt_minus1[ i ]", ps_hrd->au1_cpb_cnt_minus1[i], ps_bitstrm);
 
+        if(ps_hrd->au1_cpb_cnt_minus1[i] >= (MAX_CPB_CNT - 1))
+            return IHEVCD_INVALID_PARAMETER;
+
         if(ps_hrd->u1_nal_hrd_parameters_present_flag)
             ihevcd_parse_sub_layer_hrd_parameters(ps_bitstrm,
                                                   &ps_hrd->as_sub_layer_hrd_params[i],
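Review bot: The new bound on `au1_cpb_cnt_minus1[i]` is tested on every iteration, but the field is only parsed when `au1_low_delay_hrd_flag[i]` is clear, so on the other path the test runs against whatever the structure already held. The SPS reset added later in this commit probably zeroes it for the SPS caller, but that cannot be confirmed from this function. An explicit `else ps_hrd->au1_cpb_cnt_minus1[i] = 0;` on the parse branch would make the check self-contained. The loop body and the sizes of the arrays this count indexes are outside the hunk, so it is also worth confirming that `>= (MAX_CPB_CNT - 1)` is the intended limit and not one stricter than needed.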
@@ -744,7 +747,10 @@
 
         BITS_PARSE("vui_hrd_parameters_present_flag", ps_vui->u1_vui_hrd_parameters_present_flag, ps_bitstrm, 1);
         if(ps_vui->u1_vui_hrd_parameters_present_flag)
-            ihevcd_parse_hrd_parameters(ps_bitstrm, &ps_vui->s_vui_hrd_parameters, 1, sps_max_sub_layers_minus1);
+        {
+            ret = ihevcd_parse_hrd_parameters(ps_bitstrm, &ps_vui->s_vui_hrd_parameters, 1, sps_max_sub_layers_minus1);
+            RETURN_IF((ret != (IHEVCD_ERROR_T)IHEVCD_SUCCESS), ret);
+        }
     }
 
     BITS_PARSE("bitstream_restriction_flag", ps_vui->u1_bitstream_restriction_flag, ps_bitstrm, 1);
@@ -1224,6 +1230,12 @@
 
 
     ps_sps = (ps_codec->s_parse.ps_sps_base + MAX_SPS_CNT - 1);
+    /* Reset SPS to zero */
+    {
+        WORD16 *pi2_scaling_mat = ps_sps->pi2_scaling_mat;
+        memset(ps_sps, 0, sizeof(sps_t));
+        ps_sps->pi2_scaling_mat = pi2_scaling_mat;
+    }
     ps_sps->i1_sps_id = sps_id;
     ps_sps->i1_vps_id = vps_id;
     ps_sps->i1_sps_max_sub_layers = sps_max_sub_layers;
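Review bot: The reset block preserves exactly one member, `pi2_scaling_mat`, by hand, and nothing in the code says why that member is special. If `sps_t` holds, or later gains, any other pointer or state that is set up once at allocation time, this `memset` silently clears it. The structure definition is not part of this diff, so that should be confirmed. A comment such as `/* pi2_scaling_mat is allocated outside the parser and must survive the reset; keep in sync with sps_t */` would make the contract explicit.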
@@ -1330,6 +1342,35 @@
         UEV_PARSE("max_latency_increase", value, ps_bitstrm);
         ps_sps->ai1_sps_max_latency_increase[i] = value;
     }
+
+    /* Check if sps_max_dec_pic_buffering or sps_max_num_reorder_pics
+       has changed */
+    if(0 != ps_codec->u4_allocate_dynamic_done)
+    {
+        sps_t *ps_sps_old = ps_codec->s_parse.ps_sps;
+        if(ps_sps_old->ai1_sps_max_dec_pic_buffering[ps_sps_old->i1_sps_max_sub_layers - 1] !=
+                    ps_sps->ai1_sps_max_dec_pic_buffering[ps_sps->i1_sps_max_sub_layers - 1])
+        {
+            if(0 == ps_codec->i4_first_pic_done)
+            {
+                return IHEVCD_INVALID_PARAMETER;
+            }
+            ps_codec->i4_reset_flag = 1;
+            return (IHEVCD_ERROR_T)IVD_RES_CHANGED;
+        }
+
+        if(ps_sps_old->ai1_sps_max_num_reorder_pics[ps_sps_old->i1_sps_max_sub_layers - 1] !=
+                    ps_sps->ai1_sps_max_num_reorder_pics[ps_sps->i1_sps_max_sub_layers - 1])
+        {
+            if(0 == ps_codec->i4_first_pic_done)
+            {
+                return IHEVCD_INVALID_PARAMETER;
+            }
+            ps_codec->i4_reset_flag = 1;
+            return (IHEVCD_ERROR_T)IVD_RES_CHANGED;
+        }
+    }
+
     UEV_PARSE("log2_min_coding_block_size_minus3", value, ps_bitstrm);
     ps_sps->i1_log2_min_coding_block_size = value + 3;
 
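Review bot: Both new comparisons index the active SPS with `ps_sps_old->i1_sps_max_sub_layers - 1`, and neither `ps_codec->s_parse.ps_sps` nor that count is checked in the visible lines. If `u4_allocate_dynamic_done` does not guarantee an active SPS with at least one sub-layer, the index can be -1 and the read lands before the array, so a guard or an assertion on that invariant is worth adding. The two branches are otherwise identical, and the same three-statement tail (first-picture test, `i4_reset_flag`, `IVD_RES_CHANGED`) appears a third time in the hunk at -1495. Folding the two comparisons into one condition, as below, keeps the behaviour and removes one copy. The function starts and ends outside the hunk.

```c
    if(0 != ps_codec->u4_allocate_dynamic_done)
    {
        sps_t *ps_sps_old = ps_codec->s_parse.ps_sps;
        WORD32 old_idx = ps_sps_old->i1_sps_max_sub_layers - 1;
        WORD32 new_idx = ps_sps->i1_sps_max_sub_layers - 1;

        if((ps_sps_old->ai1_sps_max_dec_pic_buffering[old_idx] !=
                        ps_sps->ai1_sps_max_dec_pic_buffering[new_idx]) ||
           (ps_sps_old->ai1_sps_max_num_reorder_pics[old_idx] !=
                        ps_sps->ai1_sps_max_num_reorder_pics[new_idx]))
        {
            if(0 == ps_codec->i4_first_pic_done)
            {
                return IHEVCD_INVALID_PARAMETER;
            }
            ps_codec->i4_reset_flag = 1;
            return (IHEVCD_ERROR_T)IVD_RES_CHANGED;
        }
    }
```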
@@ -1456,9 +1497,12 @@
     ps_sps->i1_vui_parameters_present_flag = value;
 
     if(ps_sps->i1_vui_parameters_present_flag)
-        ihevcd_parse_vui_parameters(ps_bitstrm,
-                                    &ps_sps->s_vui_parameters,
-                                    ps_sps->i1_sps_max_sub_layers - 1);
+    {
+        ret = ihevcd_parse_vui_parameters(ps_bitstrm,
+                                          &ps_sps->s_vui_parameters,
+                                          ps_sps->i1_sps_max_sub_layers - 1);
+        RETURN_IF((ret != (IHEVCD_ERROR_T)IHEVCD_SUCCESS), ret);
+    }
 
     BITS_PARSE("sps_extension_flag", value, ps_bitstrm, 1);
 
@@ -1495,10 +1539,14 @@
         ps_sps->i2_pic_ht_in_min_cb = numerator  /
                         (1 << ps_sps->i1_log2_min_coding_block_size);
     }
-    if((0 != ps_codec->i4_first_pic_done) &&
+    if((0 != ps_codec->u4_allocate_dynamic_done) &&
                     ((ps_codec->i4_wd != ps_sps->i2_pic_width_in_luma_samples) ||
                     (ps_codec->i4_ht != ps_sps->i2_pic_height_in_luma_samples)))
     {
+        if(0 == ps_codec->i4_first_pic_done)
+        {
+            return IHEVCD_INVALID_PARAMETER;
+        }
         ps_codec->i4_reset_flag = 1;
         return (IHEVCD_ERROR_T)IVD_RES_CHANGED;
     }
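Review bot: The condition now keys on `u4_allocate_dynamic_done` while the new inner test still uses `i4_first_pic_done`, and nothing explains the difference between the two states. A reader cannot tell why a dimension change is a hard error in one case and a reset request in the other. From the visible lines it looks as if buffers can be allocated before any picture is decoded, and a reset cannot be signalled in that window. If that is the intent, a comment above the inner test would record it, e.g. `/* buffers are sized for the earlier SPS and no picture is decoded yet: reject instead of requesting a reset */`.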
@@ -1926,6 +1974,9 @@
     /* Not present in HM */
     BITS_PARSE("pps_extension_flag", value, ps_bitstrm, 1);
 
+    if((UWORD8 *)ps_bitstrm->pu4_buf > ps_bitstrm->pu1_buf_max)
+        return IHEVCD_INVALID_PARAMETER;
+
     ps_codec->i4_pps_done = 1;
     return ret;
 }
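Review bot: This overrun test runs only after the whole PPS has been parsed, so it reports that the reader went past `pu1_buf_max` instead of preventing it. Whether the intervening reads stay inside the allocation depends on padding behind the bitstream buffer, which is not visible here. The same check is added after `ihevcd_bits_flush_to_byte_boundary()` in ihevcd_parse_slice_header.c (hunk at -862) and carries the same caveat. A comment stating the assumption would help, e.g. `/* reader may run past pu1_buf_max into padding; anything parsed from there is garbage, so reject the header */`. It is also worth confirming that PPS state written earlier in this function is not left marked valid on this error path, since the function starts outside the hunk.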
diff --git a/decoder/ihevcd_parse_slice_header.c b/decoder/ihevcd_parse_slice_header.c
index 62ad6c8..e1b50b7 100644
--- a/decoder/ihevcd_parse_slice_header.c
+++ b/decoder/ihevcd_parse_slice_header.c
@@ -257,10 +257,11 @@
     {
         pps_t *ps_pps_ref = ps_codec->ps_pps_base;
         while(0 == ps_pps_ref->i1_pps_valid)
+        {
             ps_pps_ref++;
-
-        if((ps_pps_ref - ps_codec->ps_pps_base >= MAX_PPS_CNT - 1))
-            return IHEVCD_INVALID_HEADER;
+            if((ps_pps_ref - ps_codec->ps_pps_base >= MAX_PPS_CNT - 1))
+                return IHEVCD_INVALID_HEADER;
+        }
 
         ihevcd_copy_pps(ps_codec, pps_id, ps_pps_ref->i1_pps_id);
     }
@@ -862,6 +863,9 @@
 
     ihevcd_bits_flush_to_byte_boundary(ps_bitstrm);
 
+    if((UWORD8 *)ps_bitstrm->pu4_buf > ps_bitstrm->pu1_buf_max)
+        return IHEVCD_INVALID_PARAMETER;
+
     {
         dpb_mgr_t *ps_dpb_mgr = (dpb_mgr_t *)ps_codec->pv_dpb_mgr;
         WORD32 r_idx;