[FFmpeg-cvslog] h264: make sure the current picture is not made a long ref multiple times
Anton Khirnov
git at videolan.org
Sat Jun 27 21:11:34 CEST 2015
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Fri May 8 19:07:10 2015 +0200| [6d4d3fee63c46d921c4870feab79269af94e84e1] | committer: Anton Khirnov
h264: make sure the current picture is not made a long ref multiple times
Fixes possible invalid reads, once one of those refs is freed, but the
others remain.
CC: libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d4d3fee63c46d921c4870feab79269af94e84e1
---
libavcodec/h264_refs.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c
index 2ddbdb7..adc2213 100644
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -640,6 +640,15 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count)
if (h->short_ref[0] == h->cur_pic_ptr)
remove_short_at_index(h, 0);
+ /* make sure the current picture is not already assigned as a long ref */
+ if (h->cur_pic_ptr->long_ref) {
+ for (j = 0; j < FF_ARRAY_ELEMS(h->long_ref); j++) {
+ if (h->long_ref[j] == h->cur_pic_ptr)
+ remove_long(h, j, 0);
+ }
+ }
+
+
if (h->long_ref[mmco[i].long_arg] != h->cur_pic_ptr) {
remove_long(h, mmco[i].long_arg, 0);
More information about the ffmpeg-cvslog
mailing list