avcodec/h264_refs: set last_pic_for_ec only if it has not been set previously

This ensures we do not loose the frame in case or multiple clears Fixes out of array read Fixes: asan_heap-oob_2fa47ea_2100_cov_1278768963_ff_add_pixels_clamped_mmx.m2ts Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2015-02-05 14:55:41 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2015-02-05 14:57:42 +0100
commit: e09ad5bd0de40da9ac33d86f973a85beed85cc47 (patch)
tree: 4809e7ee803b6097e2f521a77233a3272d0461b7 /libavcodec
parent: 7dad2f7bb9753ba7a4a0cf0f69459dfec151e21c (diff)
download: ffmpeg-e09ad5bd0de40da9ac33d86f973a85beed85cc47.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c
index 78c283c7a0..8278a07b83 100644
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -493,9 +493,10 @@ void ff_h264_remove_all_refs(H264Context *h)
     }
     assert(h->long_ref_count == 0);
 
-    ff_h264_unref_picture(h, &h->last_pic_for_ec);
-    if (h->short_ref_count)
+    if (h->short_ref_count && !h->last_pic_for_ec.f.data[0]) {
+        ff_h264_unref_picture(h, &h->last_pic_for_ec);
         ff_h264_ref_picture(h, &h->last_pic_for_ec, h->short_ref[0]);
+    }
 
     for (i = 0; i < h->short_ref_count; i++) {
         unreference_pic(h, h->short_ref[i], 0);
author	Michael Niedermayer <michaelni@gmx.at>	2015-02-05 14:55:41 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2015-02-05 14:57:42 +0100
commit	e09ad5bd0de40da9ac33d86f973a85beed85cc47 (patch)
tree	4809e7ee803b6097e2f521a77233a3272d0461b7 /libavcodec
parent	7dad2f7bb9753ba7a4a0cf0f69459dfec151e21c (diff)
download	ffmpeg-e09ad5bd0de40da9ac33d86f973a85beed85cc47.tar.gz