ref: 8ee4ce5cfc39e9c5c533fe7573005c120324acc8
parent: ae2326c1f3384094ad5cca6a7ab240414a4630db
author: xiaotiansf <[email protected]>
date: Sat Jun 6 17:58:49 EDT 2020
Fix oss-fuzz reported issue 20491.
--- a/codec/decoder/core/src/manage_dec_ref.cpp
+++ b/codec/decoder/core/src/manage_dec_ref.cpp
@@ -394,7 +394,10 @@
for (int32_t listIdx = 0; listIdx < ListCount; ++listIdx) {
PPicture pPic = NULL;
PPicture* ppRefList = pCtx->sRefPic.pRefList[listIdx];
- int32_t iMaxRefIdx = pCtx->iPicQueueNumber;
+ int32_t iMaxRefIdx = pCtx->iPicQueueNumber;
+ if (iMaxRefIdx >= MAX_REF_PIC_COUNT) {
+ iMaxRefIdx = MAX_REF_PIC_COUNT - 1;
+ }
int32_t iRefCount = pSliceHeader->uiRefCount[listIdx];
int32_t iPredFrameNum = pSliceHeader->iFrameNum;
int32_t iMaxPicNum = 1 << pSliceHeader->pSps->uiLog2MaxFrameNum;