ref: 4505641741204f5e7c99172ac8986688aa80a78b
parent: 7a1edbafd3c96d21696bb655bd657da6efbca450
author: xiaotiansf <xiaotianshimail@gmail.com>
date: Fri Apr 19 18:00:11 EDT 2019
Fix oss-fuzz newly reported bug 14267. reset reference's references after call DecreasePicBuff when new sequence arrives
--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -228,6 +228,14 @@
pPicNewBuf->ppPic[i]->uiRefCount = 0;
pPicNewBuf->ppPic[i]->bAvailableFlag = true;
pPicNewBuf->ppPic[i]->bIsComplete = false;
+ //remove references
+ for (int32_t listIdx = LIST_0; listIdx < LIST_A; ++listIdx) {+ uint32_t i = 0;
+ while (i < MAX_DPB_COUNT && pPicNewBuf->ppPic[i]->pRefPic[listIdx][i]) {+ pPicNewBuf->ppPic[i]->pRefPic[listIdx][i] = 0;
+ ++i;
+ }
+ }
}
// remove old PicBuf
if (pPicOldBuf->ppPic != NULL) {