On 2014-01-06 08:36:37 +0100, Anton Khirnov wrote: > Fixes possible access to freed memory. > > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC:libav-sta...@libav.org > --- > libavcodec/h264_refs.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c > index bba77d1..88aaac7 100644 > --- a/libavcodec/h264_refs.c > +++ b/libavcodec/h264_refs.c > @@ -621,6 +621,8 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO > *mmco, int mmco_count) > * Report the problem and keep the pair where it is, > * and mark this field valid. > */ > + if (h->short_ref[0] == h->cur_pic_ptr) > + remove_short_at_index(h, 0); > > if (h->long_ref[mmco[i].long_arg] != h->cur_pic_ptr) { > remove_long(h, mmco[i].long_arg, 0);
ok, could maybe use a log message Janne _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel