Commit b735b80b authored by Janne Grunau's avatar Janne Grunau

frame-mt: output delayed frames as soon as possible

c->out can hold a valid picture on bitstream errors after 4903d87b
when frame multi-threading is used. Output this picture instead of
returning the return value of dav1d_parse_obus().

Fixes `assert(dst->data[0] == ((void*)0));` in dav1d_picture_ref with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5743306491822080. Also
fixes a memory leak of frames with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5655593017147392. Credits
to oss-fuzz.
parent 18ab22b6
...@@ -315,17 +315,19 @@ int dav1d_get_picture(Dav1dContext *const c, Dav1dPicture *const out) ...@@ -315,17 +315,19 @@ int dav1d_get_picture(Dav1dContext *const c, Dav1dPicture *const out)
} }
while (in->sz > 0) { while (in->sz > 0) {
if ((res = dav1d_parse_obus(c, in, 0)) < 0) { res = dav1d_parse_obus(c, in, 0);
if (res < 0) {
dav1d_data_unref(in); dav1d_data_unref(in);
return res; } else {
assert((size_t)res <= in->sz);
in->sz -= res;
in->data += res;
if (!in->sz) dav1d_data_unref(in);
} }
assert((size_t)res <= in->sz);
in->sz -= res;
in->data += res;
if (!in->sz) dav1d_data_unref(in);
if (c->out.data[0]) if (c->out.data[0])
break; break;
if (res < 0)
return res;
} }
if (c->out.data[0]) if (c->out.data[0])
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment