fix invalid memory access after unavailable reference frame insertion

author Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>

Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)

committer Tobias Frost <tobi@debian.org>

Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)
author Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)
committer Tobias Frost <tobi@debian.org>
Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)
diff --git a/libde265/decctx.cc b/libde265/decctx.cc

index 62cf20e537ed09e2e529f2496365f8232cdc4416..edebb71362777cfc5041b9bbdc7ea28f89b05940 100644 (file)
--- a/libde265/decctx.cc
+++ b/libde265/decctx.cc
@@ -1648,9 +1648,8 @@ void decoder_context::process_reference_picture_set(slice_segment_header* hdr)
                                                                      PocStCurrBefore[i], false);
        RefPicSetStCurrBefore[i] = k = concealedPicture;
  
-         if (concealedPicture < picInAnyList.size()) {
-                 picInAnyList[concealedPicture] = true;
-         }
+      picInAnyList.resize(dpb.size(), false); // adjust size of array to hold new picture
+      picInAnyList[concealedPicture] = true;
  
        //printf("  concealed: %d\n", concealedPicture);
      }
@@ -1671,6 +1670,9 @@ void decoder_context::process_reference_picture_set(slice_segment_header* hdr)
        int concealedPicture = generate_unavailable_reference_picture(current_sps.get(),
                                                                      PocStCurrAfter[i], false);
        RefPicSetStCurrAfter[i] = k = concealedPicture;
+
+
+      picInAnyList.resize(dpb.size(), false); // adjust size of array to hold new picture
        picInAnyList[concealedPicture]=true;
  
        //printf("  concealed: %d\n", concealedPicture);
author	Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
	Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)
committer	Tobias Frost <tobi@debian.org>
	Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)