ref: ed7526a2de6a139a3899077fc9dd5965a49e8546
parent: b4612e7626c1fea20dabccaf1d60be006a9c123f
parent: a78d18a40052c8402e017e975fa5e9dc393da382
author: huili2 <[email protected]>
date: Wed Apr 24 11:58:29 EDT 2019
Merge pull request #3125 from xiaotiansf/LastFixes Fix oss-fuzz reported bug 14423 which is caused by the fix of 14267 i…
--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -212,21 +212,20 @@
//update references due to allocation changes
for (int32_t i = 0; i < kiNewSize; i++) {
for (int32_t listIdx = LIST_0; listIdx < LIST_A; ++listIdx) {
- for (int32_t j = 0; j < MAX_DPB_COUNT; j++) {
- if (pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] != NULL) {
- unsigned long long uiTimeStamp = pPicNewBuf->ppPic[i]->pRefPic[listIdx][j]->uiTimeStamp;
- bool foundThePic = false;
- for (int32_t k = 0; k < kiNewSize; k++) {
- if (pPicNewBuf->ppPic[k]->uiTimeStamp == uiTimeStamp) {
- pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] = pPicNewBuf->ppPic[k];
- foundThePic = true;
- break;
- }
+ int32_t j = -1;
+ while (++j < MAX_DPB_COUNT && pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] != NULL) {
+ unsigned long long uiTimeStamp = pPicNewBuf->ppPic[i]->pRefPic[listIdx][j]->uiTimeStamp;
+ bool foundThePic = false;
+ for (int32_t k = 0; k < kiNewSize; k++) {
+ if (pPicNewBuf->ppPic[k]->uiTimeStamp == uiTimeStamp) {
+ pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] = pPicNewBuf->ppPic[k];
+ foundThePic = true;
+ break;
}
- if (!foundThePic) {
- pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] = NULL;
- }
}
+ if (!foundThePic) {
+ pPicNewBuf->ppPic[i]->pRefPic[listIdx][j] = NULL;
+ }
}
}
}
@@ -242,7 +241,7 @@
// initialize context in queue
pPicNewBuf->iCapacity = kiNewSize;
- *ppPicBuf = pPicNewBuf;
+ * ppPicBuf = pPicNewBuf;
for (int32_t i = 0; i < pPicNewBuf->iCapacity; i++) {
pPicNewBuf->ppPic[i]->bUsedAsRef = false;