avcodec/h264_slice: Do not attempt to render into frames already output

Fixes: null pointer dereference Fixes: 4698/clusterfuzz-testcase-minimized-5096956322906112 This testcase does not reproduce the issue before 03b82b3ab9883cef017e513c7d0b3b986b3b3e7b Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-03 23:42:01 +01:00 · 2018-01-03 23:42:01 +01:00 · 476665d4de
commit 476665d4de
parent 3c0a081a1e
1 changed files with 6 additions and 0 deletions
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@ -1571,6 +1571,12 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl,
                 * one except for reference purposes. */
                h->first_field = 1;
                h->cur_pic_ptr = NULL;
+            } else if (h->cur_pic_ptr->reference & DELAYED_PIC_REF) {
+                /* This frame was already output, we cannot draw into it
+                 * anymore.
+                 */
+                h->first_field = 1;
+                h->cur_pic_ptr = NULL;
            } else {
                /* Second field in complementary pair */
                h->first_field = 0;