From 7296716e355c73650033b57bafe44063d3670117 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 25 Feb 2015 03:22:13 +0100
Subject: avcodec/h264: Clear last_pic_for_ec on seeks and reinits
Fixes out of array read
Fixes: asan_heap-oob_2ff30d2_3479_cov_3803648058_src13_hrc7_525_420_2.264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/h264.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'libavcodec/h264.c')
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index c10bd8149f..a3230980b3 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -1084,6 +1084,8 @@ void ff_h264_flush_change(H264Context *h)
 h->delayed_pic[j++] = h->delayed_pic[i];
 h->delayed_pic[j] = NULL;
 }
+ ff_h264_unref_picture(h, &h->last_pic_for_ec);
+
 h->first_field = 0;
 ff_h264_reset_sei(h);
 h->recovery_frame = -1;
--
cgit v1.2.3
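Review bot: The added `ff_h264_unref_picture(h, &h->last_pic_for_ec);` in ff_h264_flush_change() carries no comment, so the memory-safety reason for it lives only in the commit message and a later cleanup could drop the call as redundant. I would put a one-line comment above it, for example `/* last_pic_for_ec must not survive a seek or reinit: a stale reference caused an out-of-array read */`. The subject promises the reset on both seeks and reinits, but only this one call site is visible and the function's body starts and ends outside the hunk. It is therefore worth confirming that every reinit path actually reaches ff_h264_flush_change(), since any path that bypasses it would presumably keep the stale reference.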