avcodec/h264_parser: Set sps/pps_ref
authorMichael Niedermayer <michael@niedermayer.cc>
Sat, 2 Jul 2016 01:06:27 +0000 (03:06 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 2 Jul 2016 01:07:23 +0000 (03:07 +0200)
Fixes use of freed memory
Should fix valgrind failures of fate-h264-skip-nointra

Found-by: logan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/h264_parser.c

index 7af2a8d..ce46c58 100644 (file)
@@ -367,13 +367,26 @@ static inline int parse_nal_units(AVCodecParserContext *s,
                        "non-existing PPS %u referenced\n", pps_id);
                 goto fail;
             }
-            p->ps.pps = (const PPS*)p->ps.pps_list[pps_id]->data;
+
+            av_buffer_unref(&p->ps.pps_ref);
+            av_buffer_unref(&p->ps.sps_ref);
+            p->ps.pps = NULL;
+            p->ps.sps = NULL;
+            p->ps.pps_ref = av_buffer_ref(p->ps.pps_list[pps_id]);
+            if (!p->ps.pps_ref)
+                goto fail;
+            p->ps.pps = (const PPS*)p->ps.pps_ref->data;
+
             if (!p->ps.sps_list[p->ps.pps->sps_id]) {
                 av_log(avctx, AV_LOG_ERROR,
                        "non-existing SPS %u referenced\n", p->ps.pps->sps_id);
                 goto fail;
             }
-            p->ps.sps = (const SPS*)p->ps.sps_list[p->ps.pps->sps_id]->data;
+
+            p->ps.sps_ref = av_buffer_ref(p->ps.sps_list[p->ps.pps->sps_id]);
+            if (!p->ps.sps_ref)
+                goto fail;
+            p->ps.sps = (const SPS*)p->ps.sps_ref->data;
 
             sps = p->ps.sps;