From 4f33a9803a3068ce2d52289fc1db60375dc8b7a5 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 28 May 2020 00:19:56 +0200
Subject: avcodec/mpeg12dec: Fix got_output

This makes got_output consistent with the code in slice_end() which sets the output

in slice_end()
 if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
     int ret = av_frame_ref(pict, s->current_picture_ptr->f);
     ...
 } else {

Fixes: assertion failure
Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/mpeg12dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index 40d054def5..54e122cd9d 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -2497,7 +2497,7 @@ static int decode_chunks(AVCodecContext *avctx, AVFrame *picture,
                     return ret;
                 else if (ret) {
                     // FIXME: merge with the stuff in mpeg_decode_slice
-                    if (s2->last_picture_ptr || s2->low_delay)
+                    if (s2->last_picture_ptr || s2->low_delay || s2->pict_type == AV_PICTURE_TYPE_B)
                         *got_output = 1;
                 }
             }
-- 
cgit v1.2.3