shithub: openh264


ref: 48a90c47fe5c569a87fe0e09d3b549ceb87150e4
parent: fbb525f8430aef621b8eccbff085ae36134f5bf9
author: xiaotiansf <xiaotianshimail@gmail.com>
date: Wed Apr 3 06:53:18 EDT 2019

Fix oss-fuzzer 14035. When an IDR is lost, reset the references held by a B-frame's reference picture, so that temporal prediction does not try to access lost references.

--- a/codec/decoder/core/src/manage_dec_ref.cpp
+++ b/codec/decoder/core/src/manage_dec_ref.cpp
@@ -126,6 +126,14 @@
         pRef->bIsComplete = false; // Set complete flag to false for lost IDR ref picture
         pRef->iSpsId = pCtx->pSps->iSpsId;
         pRef->iPpsId = pCtx->pPps->iPpsId;
+        if (pCtx->eSliceType == B_SLICE) {
+          //reset reference's references when IDR is lost
+          for (int32_t list = LIST_0; list < LIST_A; ++list) {
+            for (int32_t i = 0; i < 17; ++i) {
+              pRef->pRefPic[list][i] = NULL;
+            }
+          }
+        }
         pCtx->iErrorCode |= dsDataErrorConcealed;
         bool bCopyPrevious = ((ERROR_CON_FRAME_COPY_CROSS_IDR == pCtx->pParam->eEcActiveIdc)
                               || (ERROR_CON_SLICE_COPY_CROSS_IDR == pCtx->pParam->eEcActiveIdc)
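Review bot: The added reset is gated on `if (pCtx->eSliceType == B_SLICE)`, which tests the slice being decoded when the IDR loss is detected, not how the concealed picture is used afterwards. If `pRef` is a recycled picture buffer and the loss is noticed during a non-B slice, its `pRefPic` entries would presumably keep the pointers left by the previous use, and a later B slice that picks this picture for temporal prediction could still follow them. Dropping the condition and clearing unconditionally looks safer, with a comment such as `// clear stale reference pointers of the concealed picture, whatever the current slice type`. The inner bound `17` is also a bare literal that must match the declared size of `pRefPic`, which is not visible here, so a named constant or a `sizeof`-derived count would keep the loop in step if the array is resized. The enclosing function starts and ends outside this hunk, so these lines cannot confirm whether the buffer is already cleared on allocation.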