avcodec/h264_slice: Clear ref_counts on redundant slices

Fixes reading freed memory Fixes: 568/clusterfuzz-testcase-6107186067406848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c03029a8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h264_slice: Clear ref_counts on redundant slices
Fixes reading freed memory Fixes: 568/clusterfuzz-testcase-6107186067406848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c03029a8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
d20200d3 · Michael Niedermayer · 02a5e88e · d20200d3
Commit d20200d3 authored Feb 08, 2017 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

h264.c libavcodec/h264.c +2 -1

No files found.
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -1023,7 +1023,8 @@ again:
 #endif
                } else
                    context_count++;
-            }
+            } else
+                sl->ref_count[0] = sl->ref_count[1] = 0;
            break;
        case NAL_DPA:
        case NAL_DPB: