h264: make sure the current picture is not made a long ref multiple times

Fixes possible invalid reads, once one of those refs is freed, but the others remain. CC: libav-stable@libav.org

h264: make sure the current picture is not made a long ref multiple times
Fixes possible invalid reads, once one of those refs is freed, but the others remain. CC: libav-stable@libav.org
6d4d3fee · Anton Khirnov · 9a5e4fbe · 6d4d3fee
Commit 6d4d3fee authored May 08, 2015 by Anton Khirnov
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

h264_refs.c libavcodec/h264_refs.c +9 -0

No files found.
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -640,6 +640,15 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count)
            if (h->short_ref[0] == h->cur_pic_ptr)
                remove_short_at_index(h, 0);

+            /* make sure the current picture is not already assigned as a long ref */
+            if (h->cur_pic_ptr->long_ref) {
+                for (j = 0; j < FF_ARRAY_ELEMS(h->long_ref); j++) {
+                    if (h->long_ref[j] == h->cur_pic_ptr)
+                        remove_long(h, j, 0);
+                }
+            }
+
+
            if (h->long_ref[mmco[i].long_arg] != h->cur_pic_ptr) {
                remove_long(h, mmco[i].long_arg, 0);