shithub: openh264

Download patch

ref: 6aaa51dc70c11bf39bfe33840f9b122c115460e2
parent: 4505641741204f5e7c99172ac8986688aa80a78b
author: xiaotiansf <[email protected]>
date: Sat Apr 20 20:07:58 EDT 2019

Additional fix for oss-fuzz 14267. moving up the removing reference's references

--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -209,6 +209,17 @@
     iDelIdx = kiNewSize;
   }
 
+  //remove references
+  for (int32_t i = 0; i < kiNewSize; i++) {
+    for (int32_t listIdx = LIST_0; listIdx < LIST_A; ++listIdx) {
+      uint32_t j = 0;
+      while (j < MAX_DPB_COUNT && pPicNewBuf->ppPic[i]->pRefPic[listIdx][j]) {
+        pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] = 0;
+        ++j;
+      }
+    }
+  }
+
   for (iPicIdx = iDelIdx; iPicIdx < kiOldSize; iPicIdx++) {
     if (iPrevPicIdx != iPicIdx) {
       if (pPicOldBuf->ppPic[iPicIdx] != NULL) {
@@ -228,14 +239,6 @@
     pPicNewBuf->ppPic[i]->uiRefCount = 0;
     pPicNewBuf->ppPic[i]->bAvailableFlag = true;
     pPicNewBuf->ppPic[i]->bIsComplete = false;
-    //remove references
-    for (int32_t listIdx = LIST_0; listIdx < LIST_A; ++listIdx) {
-      uint32_t i = 0;
-      while (i < MAX_DPB_COUNT && pPicNewBuf->ppPic[i]->pRefPic[listIdx][i]) {
-        pPicNewBuf->ppPic[i]->pRefPic[listIdx][i] = 0;
-        ++i;
-      }
-    }
   }
   // remove old PicBuf
   if (pPicOldBuf->ppPic != NULL) {