ref: cbc0adb52f8ab053a961255ab115c59b1aabb724
parent: 19a94866097ea96da09c9ecdd0a23a9971523f21
author: xiaotiansf <[email protected]>
date: Mon Feb 18 07:56:26 EST 2019
Fix ossz-buzz reported bug 13185 by resetting the references of previously deleted references.
--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -213,6 +213,21 @@
if (iPrevPicIdx != iPicIdx) {
if (pPicOldBuf->ppPic[iPicIdx] != NULL) {
FreePicture (pPicOldBuf->ppPic[iPicIdx], pMa);
+ //seach and reset the references of deleted references.
+ for (int32_t list = LIST_0; list < LIST_A; ++list) {
+ int32_t refIdx = 0;
+ PPicture pPic = pCtx->sRefPic.pRefList[list][refIdx];
+ while (refIdx < MAX_DPB_COUNT && pPic != NULL) {
+ ++refIdx;
+ int32_t ref = 0;
+ while (ref < MAX_DPB_COUNT && *pPic->pRefPic[ref] != NULL) {
+ if (*pPic->pRefPic[ref] == pPicOldBuf->ppPic[iPicIdx]) {
+ *pPic->pRefPic[ref] = NULL;
+ }
+ ++ref;
+ }
+ }
+ }
pPicOldBuf->ppPic[iPicIdx] = NULL;
}
}