avcodec/h264_refs: set last_pic_for_ec only if it has not been set previously

This ensures we do not loose the frame in case or multiple clears Fixes out of array read Fixes: asan_heap-oob_2fa47ea_2100_cov_1278768963_ff_add_pixels_clamped_mmx.m2ts Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

avcodec/h264_refs: set last_pic_for_ec only if it has not been set previously
This ensures we do not loose the frame in case or multiple clears Fixes out of array read Fixes: asan_heap-oob_2fa47ea_2100_cov_1278768963_ff_add_pixels_clamped_mmx.m2ts Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
e09ad5bd · Michael Niedermayer · 7dad2f7b · e09ad5bd
Commit e09ad5bd authored Feb 05, 2015 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

h264_refs.c libavcodec/h264_refs.c +3 -2

No files found.
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -493,9 +493,10 @@ void ff_h264_remove_all_refs(H264Context *h)
    }
    assert(h->long_ref_count == 0);

-    ff_h264_unref_picture(h, &h->last_pic_for_ec);
-    if (h->short_ref_count)
+    if (h->short_ref_count && !h->last_pic_for_ec.f.data[0]) {
+        ff_h264_unref_picture(h, &h->last_pic_for_ec);
        ff_h264_ref_picture(h, &h->last_pic_for_ec, h->short_ref[0]);
+    }

    for (i = 0; i < h->short_ref_count; i++) {
        unreference_pic(h, h->short_ref[i], 0);