From 9df9420dea0fc4c523dabc1bb6186c98885bdd9f Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 31 Jan 2013 00:45:24 +0100
Subject: interplayvideo: Free previous frames on resolution changes.

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/interplayvideo.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'libavcodec/interplayvideo.c')

diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c
index 3285578a70..e0550a702b 100644
--- a/libavcodec/interplayvideo.c
+++ b/libavcodec/interplayvideo.c
@@ -969,6 +969,13 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
     if (buf_size < s->decoding_map_size)
         return buf_size;
 
+    if (s->last_frame.data[0] && av_packet_get_side_data(avpkt, AV_PKT_DATA_PARAM_CHANGE, NULL)) {
+        if (s->last_frame.data[0])
+            avctx->release_buffer(avctx, &s->last_frame);
+        if (s->second_last_frame.data[0])
+            avctx->release_buffer(avctx, &s->second_last_frame);
+    }
+
     s->decoding_map = buf;
     bytestream2_init(&s->stream_ptr, buf + s->decoding_map_size,
                      buf_size - s->decoding_map_size);
-- 
cgit v1.2.3