har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

h264: make sure the current picture is not made a long ref multiple times

Browse Source 
Fixes possible invalid reads, once one of those refs is freed, but the
others remain.
CC: libav-stable@libav.org
This commit is contained in:
Anton Khirnov 2015-05-08 19:07:10 +02:00
parent 9a5e4fbec8
commit 6d4d3fee63
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/h264_refs.c
View File

@ -640,6 +640,15 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count)
if (h->short_ref[0] == h->cur_pic_ptr)
remove_short_at_index(h, 0);
/* make sure the current picture is not already assigned as a long ref */
if (h->cur_pic_ptr->long_ref) {
for (j = 0; j < FF_ARRAY_ELEMS(h->long_ref); j++) {
if (h->long_ref[j] == h->cur_pic_ptr)
remove_long(h, j, 0);
}
}
if (h->long_ref[mmco[i].long_arg] != h->cur_pic_ptr) {
remove_long(h, mmco[i].long_arg, 0);