shithub: openh264

Download patch

ref: fd36d2ae0e6ec94bf4d11445e6335f2aaa637a7c
parent: 316a3ba3a7f4770198c66830536474801e1fd5ed
author: xiaotiansf <[email protected]>
date: Tue Jan 22 13:26:39 EST 2019

Fix Bugzilla Bug 1521684 OpenH264: heap-buffer-overflow in [@ WelsDec::CWelsDecoder::FlushFrame]

--- a/codec/decoder/plus/src/welsDecoderExt.cpp
+++ b/codec/decoder/plus/src/welsDecoderExt.cpp
@@ -690,7 +690,8 @@
     ppDst[1] = m_sPictInfoList[m_iPictInfoIndex].pData[1];
     ppDst[2] = m_sPictInfoList[m_iPictInfoIndex].pData[2];
     m_sPictInfoList[m_iPictInfoIndex].iPOC = sIMinInt32;
-    m_pDecContext->pPicBuff->ppPic[m_sPictInfoList[m_iPictInfoIndex].iPicBuffIdx]->bAvailableFlag = true;
+    if (m_sPictInfoList[m_iPictInfoIndex].iPicBuffIdx < m_pDecContext->pPicBuff->iCapacity)
+      m_pDecContext->pPicBuff->ppPic[m_sPictInfoList[m_iPictInfoIndex].iPicBuffIdx]->bAvailableFlag = true;
     m_sPictInfoList[m_iPictInfoIndex].bLastGOP = false;
     m_iMinPOC = sIMinInt32;
     --m_iNumOfPicts;