ffmpeg | branch: master | Anton Khirnov <[email protected]> | Fri May 8 19:07:10 2015 +0200| [6d4d3fee63c46d921c4870feab79269af94e84e1] | committer: Anton Khirnov
h264: make sure the current picture is not made a long ref multiple times Fixes possible invalid reads, once one of those refs is freed, but the others remain. CC: [email protected] > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d4d3fee63c46d921c4870feab79269af94e84e1 --- libavcodec/h264_refs.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 2ddbdb7..adc2213 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -640,6 +640,15 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count) if (h->short_ref[0] == h->cur_pic_ptr) remove_short_at_index(h, 0); + /* make sure the current picture is not already assigned as a long ref */ + if (h->cur_pic_ptr->long_ref) { + for (j = 0; j < FF_ARRAY_ELEMS(h->long_ref); j++) { + if (h->long_ref[j] == h->cur_pic_ptr) + remove_long(h, j, 0); + } + } + + if (h->long_ref[mmco[i].long_arg] != h->cur_pic_ptr) { remove_long(h, mmco[i].long_arg, 0); _______________________________________________ ffmpeg-cvslog mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
