Module: libav Branch: release/11 Commit: 507769c7986578edde251f038ceee27032a65bef
Author: Anton Khirnov <[email protected]> Committer: Luca Barbato <[email protected]> Date: Fri May 8 19:07:10 2015 +0200 h264: make sure the current picture is not made a long ref multiple times Fixes possible invalid reads, once one of those refs is freed, but the others remain. CC: [email protected] --- libavcodec/h264_refs.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 03c1b9c..d1cde32 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -636,6 +636,15 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count) if (h->short_ref[0] == h->cur_pic_ptr) remove_short_at_index(h, 0); + /* make sure the current picture is not already assigned as a long ref */ + if (h->cur_pic_ptr->long_ref) { + for (j = 0; j < FF_ARRAY_ELEMS(h->long_ref); j++) { + if (h->long_ref[j] == h->cur_pic_ptr) + remove_long(h, j, 0); + } + } + + if (h->long_ref[mmco[i].long_arg] != h->cur_pic_ptr) { remove_long(h, mmco[i].long_arg, 0); _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
