[FFmpeg-devel] [PATCH] H264: fix crash when ref list is emptied
Jeff Downs
heydowns
Wed Sep 5 18:24:25 CEST 2007
The attached patch avoids a crash when H264 MMC operation causes the short
term reference list to be emptied. Currently, removing a short reference
when it is the only entry in the list will cause a call to memmove with
a negative/huge size.
-Jeff
-------------- next part --------------
Index: libavcodec/h264.c
===================================================================
--- libavcodec/h264.c (revision 10291)
+++ libavcodec/h264.c (working copy)
@@ -3874,8 +3874,8 @@
av_log(h->s.avctx, AV_LOG_DEBUG, "%d %d %p\n", i, pic->frame_num, pic);
if(pic->frame_num == frame_num){
h->short_ref[i]= NULL;
- memmove(&h->short_ref[i], &h->short_ref[i+1], (h->short_ref_count - i - 1)*sizeof(Picture*));
- h->short_ref_count--;
+ if (--h->short_ref_count)
+ memmove(&h->short_ref[i], &h->short_ref[i+1], (h->short_ref_count - i)*sizeof(Picture*));
return pic;
}
}
More information about the ffmpeg-devel
mailing list