From 500220a8e84acb952e8a62d88505c5fb6a51843a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 10 May 2013 01:18:12 +0200
Subject: mimic: Fix race condition

Fixes access after free.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/mimic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavcodec/mimic.c')

diff --git a/libavcodec/mimic.c b/libavcodec/mimic.c
index 8985f6b470..e2c9369860 100644
--- a/libavcodec/mimic.c
+++ b/libavcodec/mimic.c
@@ -175,7 +175,7 @@ static int mimic_decode_update_thread_context(AVCodecContext *avctx, const AVCod
 
     for (i = 0; i < FF_ARRAY_ELEMS(dst->frames); i++) {
         ff_thread_release_buffer(avctx, &dst->frames[i]);
-        if (src->frames[i].f->data[0]) {
+        if (i != src->next_cur_index && src->frames[i].f->data[0]) {
             ret = ff_thread_ref_frame(&dst->frames[i], &src->frames[i]);
             if (ret < 0)
                 return ret;
-- 
cgit v1.2.3