shithub: openh264


ref: 4227bead55e29c15efcf9b9e80db5240f4cf8b28
parent: 0fc550221585d252f2beb3b6720469875673910b
author: xiaotiansf <[email protected]>
date: Fri Mar 1 11:47:10 EST 2019

Fix oss-fuzz reported bug 13457. (Don't try to dereference never existing P reference->reference.)

--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -167,6 +167,9 @@
 
 static void ResetRefPicReferences (const PWelsDecoderContext& pCtx, const PPicture& inPPic) {
   //seach and reset the references of deleted references.
+  if (pCtx->eSliceType != B_SLICE) {
+    return;
+  }
   for (int32_t list = LIST_0; list < LIST_A; ++list) {
     int32_t refIdx = 0;
     PPicture pPic = pCtx->sRefPic.pRefList[list][refIdx];
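Review bot: The early return added at the top of ResetRefPicReferences keys on `pCtx->eSliceType`, which is the type of the slice currently being decoded rather than a property of the pictures held in `pCtx->sRefPic.pRefList`, so a call made while a P slice is current skips the reset entirely. If pictures kept from earlier B slices can still hold a pointer to `inPPic` at that moment, those pointers would be left stale instead of cleared; this cannot be confirmed here because the loop body continues outside the hunk. A guard on each list entry inside the loop (skipping entries that are null or carry no reference table) would cover the reported dereference without depending on the current slice type. If the slice-type guard stays, it needs a why-comment such as `// only B slices populate the per-picture reference table walked below`, and "seach" in the existing comment should read "search".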
--- a/codec/decoder/plus/src/welsDecoderExt.cpp
+++ b/codec/decoder/plus/src/welsDecoderExt.cpp
@@ -581,12 +581,6 @@
 
     eNalType = m_pDecContext->sCurNalHead.eNalUnitType;
 
-    if ((m_pDecContext->iErrorCode & dsRefLost) && m_pDecContext->eSliceType == B_SLICE) {
-      if (ResetDecoder()) {
-        return dsRefLost;
-      }
-      return dsErrorFree;
-    }
     if (m_pDecContext->iErrorCode & dsOutOfMemory) {
       if (ResetDecoder()) {
         return dsOutOfMemory;