Commit 9f17489c authored by Janne Grunau's avatar Janne Grunau

unref reference pictures after decoding errors

Fix #115. Fix 'assert(seg_id < 8)' in
clusterfuzz-testcase-minimized-dav1d_fuzzer-5740590025670656 due to
decoding error in the primary reference picture. Credits to oss-fuzz.
parent 46a3fd20
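--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -3041,6 +3041,22 @@ int dav1d_submit_frame(Dav1dContext *const c) {
 if (c->n_fc == 1) {
 if ((res = dav1d_decode_frame(f)) < 0) {
 dav1d_picture_unref(&c->out);
+for (int i = 0; i < 8; i++) {
+if (f->frame_hdr.refresh_frame_flags & (1 << i)) {
+if (c->refs[i].p.p.data[0])
+dav1d_thread_picture_unref(&c->refs[i].p);
+if (c->cdf[i].cdf)
+dav1d_cdf_thread_unref(&c->cdf[i]);
+if (c->refs[i].segmap) {
+dav1d_ref_dec(c->refs[i].segmap);
+c->refs[i].segmap = NULL;
+}
+if (c->refs[i].refmvs) {
+dav1d_ref_dec(c->refs[i].refmvs);
+c->refs[i].refmvs = NULL;
+}
+}
+}
 return res;
 }
 } else {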
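Review bot: The new cleanup loop after `dav1d_picture_unref(&c->out);` gives no hint why every slot flagged in refresh_frame_flags has to be released on a decode error, which is the whole point of the fix; a comment such as `/* the refresh slots already point at this (now partially decoded) frame; drop them so a later frame cannot use it as a reference (#115) */` would make the intent survive the next refactor. The block is 16 lines of ref bookkeeping inline in an already long dav1d_submit_frame, so extracting it into a static helper taking `c` and `f` would read better, and the frame-threading path that begins at `} else {` presumably has to undo the same slot assignments on failure, which I cannot confirm from the hunk. The same hard-coded `8` and `1 << i` appear here as elsewhere in the slot handling, so the helper would also be the natural place for a single named bound. dav1d_submit_frame starts and ends outside the hunk.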