avcodec/hevc_refs: Check nb_refs in add_candidate_ref()

Fixes: runtime error: index 16 out of bounds for type 'int [16]' Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
Fixes: runtime error: index 16 out of bounds for type 'int [16]' Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
1cb4ef52 · Michael Niedermayer · e53c9065 · 1cb4ef52
Commit 1cb4ef52 authored Jun 14, 2017 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

hevc_refs.c libavcodec/hevc_refs.c +1 -1

No files found.
--- a/libavcodec/hevc_refs.c
+++ b/libavcodec/hevc_refs.c
@@ -431,7 +431,7 @@ static int add_candidate_ref(HEVCContext *s, RefPicList *list,
 {
    HEVCFrame *ref = find_ref_idx(s, poc);

-    if (ref == s->ref)
+    if (ref == s->ref || list->nb_refs >= HEVC_MAX_REFS)
        return AVERROR_INVALIDDATA;

    if (!ref) {