Commit aaa7d2fa authored by Michael Niedermayer's avatar Michael Niedermayer

h264: don t leave stale pointers in delayed_pic in flush_changes.

Fixes null pointer dereference & assertion failure

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 55d05286
...@@ -2153,12 +2153,19 @@ static void idr(H264Context *h) ...@@ -2153,12 +2153,19 @@ static void idr(H264Context *h)
/* forget old pics after a seek */ /* forget old pics after a seek */
static void flush_change(H264Context *h) static void flush_change(H264Context *h)
{ {
int i, j;
h->outputed_poc = h->next_outputed_poc = INT_MIN; h->outputed_poc = h->next_outputed_poc = INT_MIN;
h->prev_interlaced_frame = 1; h->prev_interlaced_frame = 1;
idr(h); idr(h);
h->prev_frame_num = -1; h->prev_frame_num = -1;
if (h->s.current_picture_ptr) if (h->s.current_picture_ptr) {
h->s.current_picture_ptr->f.reference = 0; h->s.current_picture_ptr->f.reference = 0;
for (j=i=0; h->delayed_pic[i]; i++)
if (h->delayed_pic[i] != h->s.current_picture_ptr)
h->delayed_pic[j++] = h->delayed_pic[i];
h->delayed_pic[j] = NULL;
}
h->s.first_field = 0; h->s.first_field = 0;
memset(h->ref_list[0], 0, sizeof(h->ref_list[0])); memset(h->ref_list[0], 0, sizeof(h->ref_list[0]));
memset(h->ref_list[1], 0, sizeof(h->ref_list[1])); memset(h->ref_list[1], 0, sizeof(h->ref_list[1]));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment