shithub: openh264

Download patch

ref: 8ee4ce5cfc39e9c5c533fe7573005c120324acc8
parent: ae2326c1f3384094ad5cca6a7ab240414a4630db
author: xiaotiansf <[email protected]>
date: Sat Jun 6 17:58:49 EDT 2020

Fix oss-fuzz reported issue 20491.

--- a/codec/decoder/core/src/manage_dec_ref.cpp
+++ b/codec/decoder/core/src/manage_dec_ref.cpp
@@ -394,7 +394,10 @@
   for (int32_t listIdx = 0; listIdx < ListCount; ++listIdx) {
     PPicture pPic = NULL;
     PPicture* ppRefList = pCtx->sRefPic.pRefList[listIdx];
-    int32_t iMaxRefIdx = pCtx->iPicQueueNumber;
+    int32_t  iMaxRefIdx = pCtx->iPicQueueNumber;
+    if (iMaxRefIdx >= MAX_REF_PIC_COUNT) {
+      iMaxRefIdx = MAX_REF_PIC_COUNT - 1;
+    }
     int32_t iRefCount = pSliceHeader->uiRefCount[listIdx];
     int32_t iPredFrameNum = pSliceHeader->iFrameNum;
     int32_t iMaxPicNum = 1 << pSliceHeader->pSps->uiLog2MaxFrameNum;