GitList

Browse code

avcodec/hevc_refs: Check nb_refs in add_candidate_ref()

Fixes: runtime error: index 16 out of bounds for type 'int [16]'
Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cb4ef526dd1e5f547d0354efb0831d07e967919)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Michael Niedermayer authored on 2017/06/15 08:26:01
Showing 1 changed files

libavcodec/hevc_refs.c index 611ad45..df52e40 100644

libavcodec/hevc_refs.c

History View file @ 8152701

@@ -438,7 +438,7 @@ static int add_candidate_ref(HEVCContext *s, RefPicList *list,
+                     {
                          HEVCFrame *ref = find_ref_idx(s, poc);
                     -    if (ref == s->ref)
                     +    if (ref == s->ref || list->nb_refs >= MAX_REFS)
                              return AVERROR_INVALIDDATA;
                          if (!ref) {