From e09ad5bd0de40da9ac33d86f973a85beed85cc47 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 5 Feb 2015 14:55:41 +0100
Subject: avcodec/h264_refs: set last_pic_for_ec only if it has not been set previously
This ensures we do not loose the frame in case or multiple clears
Fixes out of array read
Fixes: asan_heap-oob_2fa47ea_2100_cov_1278768963_ff_add_pixels_clamped_mmx.m2ts
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/h264_refs.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'libavcodec/h264_refs.c')
diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c
index 78c283c7a0..8278a07b83 100644
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -493,9 +493,10 @@ void ff_h264_remove_all_refs(H264Context *h)
 }
 assert(h->long_ref_count == 0);
- ff_h264_unref_picture(h, &h->last_pic_for_ec);
- if (h->short_ref_count)
+ if (h->short_ref_count && !h->last_pic_for_ec.f.data[0]) {
+ ff_h264_unref_picture(h, &h->last_pic_for_ec);
 ff_h264_ref_picture(h, &h->last_pic_for_ec, h->short_ref[0]);
+ }
 for (i = 0; i < h->short_ref_count; i++) {
 unreference_pic(h, h->short_ref[i], 0);
--
cgit v1.2.3
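Review bot: The new guard `!h->last_pic_for_ec.f.data[0]` makes last_pic_for_ec survive repeated calls to ff_h264_remove_all_refs, but nothing in this hunk shows where the saved picture is finally released or invalidated. Because that picture is later consumed by error concealment, a reference that outlives a change of frame dimensions or pixel format would presumably bring back the same class of out-of-array read this commit fixes, so it is worth confirming that the flush and re-initialisation paths unref it. The `ff_h264_unref_picture` call kept inside the branch now only runs when `data[0]` is already NULL, which is not obvious to a reader; a short comment such as `/* keep the first saved picture for EC; later clears must not replace it */` above the `if` would record the intent. The body of ff_h264_remove_all_refs starts and ends outside the hunk.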