ref: fd36d2ae0e6ec94bf4d11445e6335f2aaa637a7c
parent: 316a3ba3a7f4770198c66830536474801e1fd5ed
author: xiaotiansf <[email protected]>
date: Tue Jan 22 13:26:39 EST 2019
Fix Bugzilla Bug 1521684 OpenH264: heap-buffer-overflow in [@ WelsDec::CWelsDecoder::FlushFrame]
--- a/codec/decoder/plus/src/welsDecoderExt.cpp
+++ b/codec/decoder/plus/src/welsDecoderExt.cpp
@@ -690,7 +690,8 @@
ppDst[1] = m_sPictInfoList[m_iPictInfoIndex].pData[1];
ppDst[2] = m_sPictInfoList[m_iPictInfoIndex].pData[2];
m_sPictInfoList[m_iPictInfoIndex].iPOC = sIMinInt32;
- m_pDecContext->pPicBuff->ppPic[m_sPictInfoList[m_iPictInfoIndex].iPicBuffIdx]->bAvailableFlag = true;
+ if (m_sPictInfoList[m_iPictInfoIndex].iPicBuffIdx < m_pDecContext->pPicBuff->iCapacity)
+ m_pDecContext->pPicBuff->ppPic[m_sPictInfoList[m_iPictInfoIndex].iPicBuffIdx]->bAvailableFlag = true;
m_sPictInfoList[m_iPictInfoIndex].bLastGOP = false;
m_iMinPOC = sIMinInt32;
--m_iNumOfPicts;