Commit 4aa0de64 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/h264_refs: discard mismatching references

Fixes inconsistency and out of array access
Fixes: asan_heap-oob_17301a3_2100_cov_3226131691_ff_add_pixels_clamped_mmx.m2ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 84afc6b7
...@@ -125,6 +125,7 @@ static int add_sorted(H264Picture **sorted, H264Picture **src, int len, int limi ...@@ -125,6 +125,7 @@ static int add_sorted(H264Picture **sorted, H264Picture **src, int len, int limi
int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl) int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl)
{ {
int i, len; int i, len;
int j;
if (sl->slice_type_nos == AV_PICTURE_TYPE_B) { if (sl->slice_type_nos == AV_PICTURE_TYPE_B) {
H264Picture *sorted[32]; H264Picture *sorted[32];
...@@ -188,6 +189,21 @@ int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl) ...@@ -188,6 +189,21 @@ int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl)
} }
} }
#endif #endif
for (j = 0; j<1+(sl->slice_type_nos == AV_PICTURE_TYPE_B); j++) {
for (i = 0; i < sl->ref_count[j]; i++) {
if (h->default_ref_list[j][i].parent) {
AVFrame *f = h->default_ref_list[j][i].parent->f;
if (h->cur_pic_ptr->f->width != f->width ||
h->cur_pic_ptr->f->height != f->height ||
h->cur_pic_ptr->f->format != f->format) {
av_log(h->avctx, AV_LOG_ERROR, "Discarding mismatching reference\n");
memset(&h->default_ref_list[j][i], 0, sizeof(h->default_ref_list[j][i]));
}
}
}
}
return 0; return 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment