[FFmpeg-cvslog] avcodec/h264_refs: discard mismatching references

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jun 30 03:23:30 2015 +0200| [4aa0de644a2de62f0bc3013a4533ab9283aa0a65] | committer: Michael Niedermayer

avcodec/h264_refs: discard mismatching references

Fixes inconsistency and out of array access
Fixes: asan_heap-oob_17301a3_2100_cov_3226131691_ff_add_pixels_clamped_mmx.m2ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4aa0de644a2de62f0bc3013a4533ab9283aa0a65
---

 libavcodec/h264_refs.c |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c
index 0d8fa8b..ac6f6bf 100644
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -125,6 +125,7 @@ static int add_sorted(H264Picture **sorted, H264Picture **src, int len, int limi
 int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl)
 {
     int i, len;
+    int j;
 
     if (sl->slice_type_nos == AV_PICTURE_TYPE_B) {
         H264Picture *sorted[32];
@@ -188,6 +189,21 @@ int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl)
         }
     }
 #endif
+
+    for (j = 0; j<1+(sl->slice_type_nos == AV_PICTURE_TYPE_B); j++) {
+        for (i = 0; i < sl->ref_count[j]; i++) {
+            if (h->default_ref_list[j][i].parent) {
+                AVFrame *f = h->default_ref_list[j][i].parent->f;
+                if (h->cur_pic_ptr->f->width  != f->width ||
+                    h->cur_pic_ptr->f->height != f->height ||
+                    h->cur_pic_ptr->f->format != f->format) {
+                    av_log(h->avctx, AV_LOG_ERROR, "Discarding mismatching reference\n");
+                    memset(&h->default_ref_list[j][i], 0, sizeof(h->default_ref_list[j][i]));
+                }
+            }
+        }
+    }
+
     return 0;
 }