Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ede89893 authored by Deva Ramasubramanian's avatar Deva Ramasubramanian Committed by Arne Coucheron
Browse files

libstagefright: Fix out of bounds error for H264 software decoder 

If decoded clip's level is 1.0, InitDPB() and AVCConfigureSequence()
compute different number of frames (num_fs) to allocate.  InitDPB()
holds an extra frame if num_fs is 1, where as AVCCS() does not. Since
InitDPB() sets the state and AVCCS() allocates the buffers, num_fs - 1
buffers will be allocated.  During decode, we'll attempt to access the
num_fs-th frame which will be out of bounds.

This fix sets AVCCS()'s copy of num_fs to be same as whatever InitDPB()
computes.

Change-Id: I4bb5afdb4750084f0737878445f59842cd22a6f7
CRs-Fixed: 276145
parent f3236777
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment