ffmpeg | branch: release/2.7 | Michael Niedermayer <michae...@gmx.at> | Tue Jun 30 03:23:30 2015 +0200| [0afb004d3cc42fa520735436a375fdf8c7af66cd] | committer: Michael Niedermayer
avcodec/h264_refs: discard mismatching references Fixes inconsistency and out of array access Fixes: asan_heap-oob_17301a3_2100_cov_3226131691_ff_add_pixels_clamped_mmx.m2ts Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit 4aa0de644a2de62f0bc3013a4533ab9283aa0a65) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0afb004d3cc42fa520735436a375fdf8c7af66cd --- libavcodec/h264_refs.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 379fb26..548a3ba 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -125,6 +125,7 @@ static int add_sorted(H264Picture **sorted, H264Picture **src, int len, int limi int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl) { int i, len; + int j; if (sl->slice_type_nos == AV_PICTURE_TYPE_B) { H264Picture *sorted[32]; @@ -188,6 +189,21 @@ int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl) } } #endif + + for (j = 0; j<1+(sl->slice_type_nos == AV_PICTURE_TYPE_B); j++) { + for (i = 0; i < sl->ref_count[j]; i++) { + if (h->default_ref_list[j][i].parent) { + AVFrame *f = h->default_ref_list[j][i].parent->f; + if (h->cur_pic_ptr->f->width != f->width || + h->cur_pic_ptr->f->height != f->height || + h->cur_pic_ptr->f->format != f->format) { + av_log(h->avctx, AV_LOG_ERROR, "Discarding mismatching reference\n"); + memset(&h->default_ref_list[j][i], 0, sizeof(h->default_ref_list[j][i])); + } + } + } + } + return 0; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
