shithub: openh264

Download patch

ref: b4612e7626c1fea20dabccaf1d60be006a9c123f
parent: dedc305a00c428cfee5ab0256f149a8284647ddf
parent: ccb105af9e814d3e467edd28db753e52965a5d7a
author: huili2 <huili2@cisco.com>
date: Tue Apr 23 05:08:40 EDT 2019 

Merge pull request #3123 from xiaotiansf/LastFixes

Fix oss-fuzz newly reported bug 14267. reset reference's references a…


--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -209,6 +209,28 @@
     iDelIdx = kiNewSize;
   }
 
+  //update references due to allocation changes
+  for (int32_t i = 0; i < kiNewSize; i++) {
+    for (int32_t listIdx = LIST_0; listIdx < LIST_A; ++listIdx) {
+      for (int32_t j = 0; j < MAX_DPB_COUNT; j++) {
+        if (pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] != NULL) {
+          unsigned long long uiTimeStamp = pPicNewBuf->ppPic[i]->pRefPic[listIdx][j]->uiTimeStamp;
+          bool foundThePic = false;
+          for (int32_t k = 0; k < kiNewSize; k++) {
+            if (pPicNewBuf->ppPic[k]->uiTimeStamp == uiTimeStamp) {
+              pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] = pPicNewBuf->ppPic[k];
+              foundThePic = true;
+              break;
+            }
+          }
+          if (!foundThePic) {
+            pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] = NULL;
+          }
+        }
+      }
+    }
+  }
+
   for (iPicIdx = iDelIdx; iPicIdx < kiOldSize; iPicIdx++) {
     if (iPrevPicIdx != iPicIdx) {
       if (pPicOldBuf->ppPic[iPicIdx] != NULL) {