ref: 81037ccec41415e9691df2df0cdc636f426632a6
parent: ae2326c1f3384094ad5cca6a7ab240414a4630db
parent: 8ee4ce5cfc39e9c5c533fe7573005c120324acc8
author: huili2 <[email protected]>
date: Wed Jun 24 05:32:33 EDT 2020
Merge pull request #3293 from xiaotianshi2/issue_20491 Fix oss-fuzz 20491. OpenH264 issue #3282
--- a/codec/decoder/core/src/manage_dec_ref.cpp
+++ b/codec/decoder/core/src/manage_dec_ref.cpp
@@ -394,7 +394,10 @@
for (int32_t listIdx = 0; listIdx < ListCount; ++listIdx) {
PPicture pPic = NULL;
PPicture* ppRefList = pCtx->sRefPic.pRefList[listIdx];
- int32_t iMaxRefIdx = pCtx->iPicQueueNumber;
+ int32_t iMaxRefIdx = pCtx->iPicQueueNumber;
+ if (iMaxRefIdx >= MAX_REF_PIC_COUNT) {
+ iMaxRefIdx = MAX_REF_PIC_COUNT - 1;
+ }
int32_t iRefCount = pSliceHeader->uiRefCount[listIdx];
int32_t iPredFrameNum = pSliceHeader->iFrameNum;
int32_t iMaxPicNum = 1 << pSliceHeader->pSps->uiLog2MaxFrameNum;