ref: b735b80b743d5bb85059e8fb87efd0375bc5bc65
parent: 18ab22b67c271bbc845ae485094d72cb7527d1d2
author: Janne Grunau <[email protected]>
date: Tue Dec 4 14:43:42 EST 2018

frame-mt: output delayed frames as soon as possible

c->out can hold a valid picture on bitstream errors after 4903d87b73b5
when frame multi-threading is used. Output this picture instead of
returning the return value of dav1d_parse_obus().

Fixes `assert(dst->data[0] == ((void*)0));` in dav1d_picture_ref with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5743306491822080. Also
fixes a memory leak of frames with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5655593017147392. Credits
to oss-fuzz.

--- a/src/lib.c
+++ b/src/lib.c
@@ -315,17 +315,19 @@
     }
 
     while (in->sz > 0) {
-        if ((res = dav1d_parse_obus(c, in, 0)) < 0) {
+        res = dav1d_parse_obus(c, in, 0);
+        if (res < 0) {
             dav1d_data_unref(in);
-            return res;
+        } else {
+            assert((size_t)res <= in->sz);
+            in->sz -= res;
+            in->data += res;
+            if (!in->sz) dav1d_data_unref(in);
         }
-
-        assert((size_t)res <= in->sz);
-        in->sz -= res;
-        in->data += res;
-        if (!in->sz) dav1d_data_unref(in);
         if (c->out.data[0])
             break;
+        if (res < 0)
+            return res;
     }
 
     if (c->out.data[0])
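Review bot: When `dav1d_parse_obus()` fails while `c->out.data[0]` is set, the loop hits `break` before `if (res < 0) return res;`, so the negative `res` is not returned from the loop and the rest of `in` has already been dropped by `dav1d_data_unref(in)`; what the caller sees after the loop is outside this hunk. That matches the commit message, but the split error check reads as redundant, so I would add a comment above `if (c->out.data[0])` such as `/* parse error: input already dropped; output a delayed frame first, return the error only when no picture is pending */`. Separately, `assert((size_t)res <= in->sz)` is the only bound on `res` before `in->sz -= res; in->data += res;` on data that comes from the bitstream. If asserts are compiled out in release builds, an oversized return would wrap `in->sz` and advance `in->data` past the buffer, so consider a runtime check that handles `(size_t)res > in->sz` as a parse error. The enclosing function starts and ends outside the hunk.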