

ref: cbc0adb52f8ab053a961255ab115c59b1aabb724
parent: 19a94866097ea96da09c9ecdd0a23a9971523f21
author: xiaotiansf <[email protected]>
date: Mon Feb 18 07:56:26 EST 2019

Fix oss-fuzz reported bug 13185 by resetting the references that point to previously deleted reference pictures.

--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -213,6 +213,21 @@
     if (iPrevPicIdx != iPicIdx) {
       if (pPicOldBuf->ppPic[iPicIdx] != NULL) {
         FreePicture (pPicOldBuf->ppPic[iPicIdx], pMa);
+        //seach and reset the references of deleted references.
+        for (int32_t list = LIST_0; list < LIST_A; ++list) {
+          int32_t refIdx = 0;
+          PPicture pPic = pCtx->sRefPic.pRefList[list][refIdx];
+          while (refIdx < MAX_DPB_COUNT && pPic != NULL) {
+            ++refIdx;
+            int32_t ref = 0;
+            while (ref < MAX_DPB_COUNT && *pPic->pRefPic[ref] != NULL) {
+              if (*pPic->pRefPic[ref] == pPicOldBuf->ppPic[iPicIdx]) {
+                *pPic->pRefPic[ref] = NULL;
+              }
+              ++ref;
+            }
+          }
+        }
         pPicOldBuf->ppPic[iPicIdx] = NULL;
       }
     }
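Review bot: The outer `while` never reloads `pPic` after `++refIdx`, so only `pRefList[list][0]` is scanned (repeatedly) and the other entries of each list can keep a pointer to the picture that was just freed. Fetch the entry on every iteration instead, e.g. `for (int32_t refIdx = 0; refIdx < MAX_DPB_COUNT; ++refIdx) {` followed by `PPicture pPic = pCtx->sRefPic.pRefList[list][refIdx];` and `if (pPic == NULL) break;`. The declaration of `pRefPic` is not in the hunk; if it is a two-dimensional `[list][index]` array, `*pPic->pRefPic[ref]` reads slot 0 of row `ref` and `ref` runs past the list dimension, so the inner loop probably should index `pRefPic[list][ref]`, which is worth confirming against the struct. The scan also compares against `pPicOldBuf->ppPic[iPicIdx]` after `FreePicture` has released it; running the scan before the free avoids relying on a freed pointer value. The enclosing function begins and ends outside the hunk.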