virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

avcodec/h264dec: Clear ref_count on slice header processing failure

Browse Source 
Fixes using freed memory
Introduced in 7448019890
Fixes: 471/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_H264_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2017-01-27 00:14:02 +01:00
parent 1ae39429e4
commit f28299da8d
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/h264dec.c
View File

@@ -670,8 +670,11 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size)
case H264_NAL_SLICE:
h->has_slice = 1;
if ((err = ff_h264_queue_decode_slice(h, nal)))
if ((err = ff_h264_queue_decode_slice(h, nal))) {
H264SliceContext *sl = h->slice_ctx + h->nb_slice_ctx_queued;
sl->ref_count[0] = sl->ref_count[1] = 0;
break;
}
if (h->current_slice == 1) {
if (avctx->active_thread_type & FF_THREAD_FRAME && !h->avctx->hwaccel &&