ref: 3fdf468e51307c3fefabb65dfc39f364edd2ae95
parent: e413c8ed877cf4f09004fc07171d9dc4339293df
author: Dmitriy Sychov <dmitriy.sychev@gmail.com>
date: Wed Nov 18 08:18:16 EST 2020
Check frame IDs for reference and "show_existing" frames
--- a/src/obu.c
+++ b/src/obu.c
@@ -374,8 +374,11 @@
hdr->existing_frame_idx = dav1d_get_bits(gb, 3);
if (seqhdr->decoder_model_info_present && !seqhdr->equal_picture_interval)
hdr->frame_presentation_delay = dav1d_get_bits(gb, seqhdr->frame_presentation_delay_length);
- if (seqhdr->frame_id_numbers_present)
+ if (seqhdr->frame_id_numbers_present) {hdr->frame_id = dav1d_get_bits(gb, seqhdr->frame_id_n_bits);
+ Dav1dFrameHeader *const ref_frame_hdr = c->refs[hdr->existing_frame_idx].p.p.frame_hdr;
+ if (!ref_frame_hdr || ref_frame_hdr->frame_id != hdr->frame_id) return DAV1D_ERR(EINVAL);
+ }
return 0;
}
@@ -550,8 +553,12 @@
for (int i = 0; i < 7; i++) {if (!hdr->frame_ref_short_signaling)
hdr->refidx[i] = dav1d_get_bits(gb, 3);
- if (seqhdr->frame_id_numbers_present)
- dav1d_get_bits(gb, seqhdr->delta_frame_id_n_bits);
+ if (seqhdr->frame_id_numbers_present) {+ const int delta_ref_frame_id_minus_1 = dav1d_get_bits(gb, seqhdr->delta_frame_id_n_bits);
+ const int ref_frame_id = (hdr->frame_id + (1 << seqhdr->frame_id_n_bits) - delta_ref_frame_id_minus_1 - 1) & ((1 << seqhdr->frame_id_n_bits) - 1);
+ Dav1dFrameHeader *const ref_frame_hdr = c->refs[hdr->refidx[i]].p.p.frame_hdr;
+ if (!ref_frame_hdr || ref_frame_hdr->frame_id != ref_frame_id) goto error;
+ }
}
const int use_ref = !hdr->error_resilient_mode &&
hdr->frame_size_override;