[FFmpeg-cvslog] h264: Lower bound check for slice offsets

Vittorio Giovara git at videolan.org
Mon Mar 10 18:47:17 CET 2014 

ffmpeg | branch: release/0.10 | Vittorio Giovara <vittorio.giovara at gmail.com> | Thu Feb 20 02:38:32 2014 +0100| [a6003760bd0749eed366c19a2ceb17b4678f9c37] | committer: Reinhard Tartler

h264: Lower bound check for slice offsets

And use the value from the specification.

Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org

Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
(cherry picked from commit f777504f640260337974848c7d5d7a3f064bbb45)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)

Conflicts:
	libavcodec/h264.c

(cherry picked from commit 41380e017afcca3119acb560c08a60a97d416c3c)

Conflicts:
	libavcodec/h264.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6003760bd0749eed366c19a2ceb17b4678f9c37
---

 libavcodec/h264.c            |   37 ++++++++++++++++++++-----------------
 libavcodec/h264_loopfilter.c |    8 ++++----
 2 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index ff7859c..f3094b5 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3225,8 +3225,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
     }
 
     h->deblocking_filter = 1;
-    h->slice_alpha_c0_offset = 52;
-    h->slice_beta_offset = 52;
+    h->slice_alpha_c0_offset = 0;
+    h->slice_beta_offset = 0;
     if( h->pps.deblocking_filter_parameters_present ) {
         tmp= get_ue_golomb_31(&s->gb);
         if(tmp > 2){
@@ -3237,12 +3237,16 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
         if(h->deblocking_filter < 2)
             h->deblocking_filter^= 1; // 1<->0
 
-        if( h->deblocking_filter ) {
-            h->slice_alpha_c0_offset += get_se_golomb(&s->gb) << 1;
-            h->slice_beta_offset     += get_se_golomb(&s->gb) << 1;
-            if(   h->slice_alpha_c0_offset > 104U
-               || h->slice_beta_offset     > 104U){
-                av_log(s->avctx, AV_LOG_ERROR, "deblocking filter parameters %d %d out of range\n", h->slice_alpha_c0_offset, h->slice_beta_offset);
+        if (h->deblocking_filter) {
+            h->slice_alpha_c0_offset = get_se_golomb(&s->gb) * 2;
+            h->slice_beta_offset     = get_se_golomb(&s->gb) * 2;
+            if (h->slice_alpha_c0_offset >  12 ||
+                h->slice_alpha_c0_offset < -12 ||
+                h->slice_beta_offset >  12     ||
+                h->slice_beta_offset < -12) {
+                av_log(s->avctx, AV_LOG_ERROR,
+                       "deblocking filter parameters %d %d out of range\n",
+                       h->slice_alpha_c0_offset, h->slice_beta_offset);
                 return -1;
             }
         }
@@ -3271,14 +3275,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
             }
         }
     }
-    h->qp_thresh = 15 + 52 - FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset)
-                 - FFMAX3(0, h->pps.chroma_qp_index_offset[0], h->pps.chroma_qp_index_offset[1])
-                 + 6 * (h->sps.bit_depth_luma - 8);
-
-#if 0 //FMO
-    if( h->pps.num_slice_groups > 1  && h->pps.mb_slice_group_map_type >= 3 && h->pps.mb_slice_group_map_type <= 5)
-        slice_group_change_cycle= get_bits(&s->gb, ?);
-#endif
+    h->qp_thresh = 15 +
+                   FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset) -
+                   FFMAX3(0,
+                          h->pps.chroma_qp_index_offset[0],
+                          h->pps.chroma_qp_index_offset[1]) +
+                   6 * (h->sps.bit_depth_luma - 8);
 
     h0->last_slice_type = slice_type;
     h->slice_num = ++h0->current_slice;
@@ -3333,7 +3335,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
                s->current_picture_ptr->field_poc[0], s->current_picture_ptr->field_poc[1],
                h->ref_count[0], h->ref_count[1],
                s->qscale,
-               h->deblocking_filter, h->slice_alpha_c0_offset/2-26, h->slice_beta_offset/2-26,
+               h->deblocking_filter,
+               h->slice_alpha_c0_offset, h->slice_beta_offset,
                h->use_weight,
                h->use_weight==1 && h->use_weight_chroma ? "c" : "",
                h->slice_type == AV_PICTURE_TYPE_B ? (h->direct_spatial_mv_pred ? "SPAT" : "TEMP") : ""
diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c
index be750ca..c9ede82 100644
--- a/libavcodec/h264_loopfilter.c
+++ b/libavcodec/h264_loopfilter.c
@@ -254,8 +254,8 @@ static av_always_inline void h264_filter_mb_fast_internal(H264Context *h,
     int top_type= h->top_type;
 
     int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8);
-    int a = h->slice_alpha_c0_offset - qp_bd_offset;
-    int b = h->slice_beta_offset - qp_bd_offset;
+    int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset;
+    int b = 52 + h->slice_beta_offset - qp_bd_offset;
 
     int mb_type = s->current_picture.f.mb_type[mb_xy];
     int qp      = s->current_picture.f.qscale_table[mb_xy];
@@ -715,8 +715,8 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint
     av_unused int dir;
     int chroma = !(CONFIG_GRAY && (s->flags&CODEC_FLAG_GRAY));
     int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8);
-    int a = h->slice_alpha_c0_offset - qp_bd_offset;
-    int b = h->slice_beta_offset - qp_bd_offset;
+    int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset;
+    int b = 52 + h->slice_beta_offset - qp_bd_offset;
 
     if (FRAME_MBAFF
             // and current and left pair do not have the same interlaced type

More information about the ffmpeg-cvslog mailing list