On 2012-12-17 18:27:17 -0800, Ronald S. Bultje wrote:
> Hi,
>
> On Dec 17, 2012 1:41 PM, "Janne Grunau" <[email protected]> wrote:
> >
> > Copy a neighbouring frame/field from the list as error resilience
> > measure since the decoder assumes frame data pointers of known reference
> > to be valid.
> >
> > Prevents stale references in ref_list in the fuzzed sample
> > bipbop234.ts_s20118 caused by not refreshing the ref lists when required
> > due to slice decoding errors.
>
> So maybe I'm being an asshole - tell me if I am - but why would we unref an
> image if we're still referencing it? That seems broken. Shouldn't the code
> that unrefs clear and/or check this?

Does it matter whether it is done in unreference or at every call site?
The code that unreferences only manages the short_ref and long_ref lists
of picture pointers. Without decoding/parsing errors everything is fine
and default_ref_list and ref_list are refreshed in one of the next
decode_slice_header calls before they are used. It breaks in some error
cases. I tried to force rebuilds after one of the pictures on them was
unreferenced but I haven't found all places where it is necessary.

Janne
