ref: b567f04e0cb1700471724b9c43d6507d69decbd2
parent: cccebfce97479869f2daef1a7c5812381c73dc31
author: Janne Grunau <janne-vlc@jannau.net>
date: Sun Oct 7 14:12:14 EDT 2018
decode: error out on missing reference frames Fixes segfaults with david-fuzzing-data:artifacts/crash-b9015ad03b63131c25016592c3535da1268a08ad.
--- a/src/decode.c
+++ b/src/decode.c
@@ -2775,6 +2775,11 @@
}
for (int i = 0; i < 7; i++) {const int refidx = f->frame_hdr.refidx[i];
+ if (!c->refs[refidx].p.p.data[0]) {+ for (int j = 0; j < i; j++)
+ dav1d_thread_picture_unref(&f->refp[j]);
+ return -EINVAL;
+ }
dav1d_thread_picture_ref(&f->refp[i], &c->refs[refidx].p);
}
}