h264: increase reference poc list from 16 to 32.

Message ID 20120314202813.248E75E0DC@aruru.libav.org
State New
Headers show

Commit Message

Janne Grunau March 14, 2012, 8:28 p.m.
Module: libav
Branch: master
Commit: 48cbe4b092113eae0b3e5d6a08b59027f913a884

Author:    Ronald S. Bultje <rsbultje@gmail.com>
Committer: Ronald S. Bultje <rsbultje@gmail.com>
Date:      Tue Mar 13 15:21:07 2012 -0700

h264: increase reference poc list from 16 to 32.

Interlaced images can have 32 references (16 per field), so limiting the
array size to 16 leads to invalid writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

---

 libavcodec/mpegvideo.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Patch

diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h
index 9d9d870..8f788a7 100644
--- a/libavcodec/mpegvideo.h
+++ b/libavcodec/mpegvideo.h
@@ -126,7 +126,7 @@  typedef struct Picture{
     int pic_id;                 /**< h264 pic_num (short -> no wrap version of pic_num,
                                      pic_num & max_pic_num; long -> long_pic_num) */
     int long_ref;               ///< 1->long term reference 0->short term reference
-    int ref_poc[2][2][16];      ///< h264 POCs of the frames used as reference (FIXME need per slice)
+    int ref_poc[2][2][32];      ///< h264 POCs of the frames used as reference (FIXME need per slice)
     int ref_count[2][2];        ///< number of entries in ref_poc              (FIXME need per slice)
     int mbaff;                  ///< h264 1 -> MBAFF frame 0-> not MBAFF
     int field_picture;          ///< whether or not the picture was encoded in separate fields