[FFmpeg-cvslog] avcodec/h264_refs: set last_pic_for_ec only if it has not been set previously

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Feb  5 14:55:41 2015 +0100| [e09ad5bd0de40da9ac33d86f973a85beed85cc47] | committer: Michael Niedermayer

avcodec/h264_refs: set last_pic_for_ec only if it has not been set previously

This ensures we do not loose the frame in case or multiple clears
Fixes out of array read
Fixes: asan_heap-oob_2fa47ea_2100_cov_1278768963_ff_add_pixels_clamped_mmx.m2ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e09ad5bd0de40da9ac33d86f973a85beed85cc47
---

 libavcodec/h264_refs.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c
index 78c283c..8278a07 100644
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -493,9 +493,10 @@ void ff_h264_remove_all_refs(H264Context *h)
     }
     assert(h->long_ref_count == 0);
 
-    ff_h264_unref_picture(h, &h->last_pic_for_ec);
-    if (h->short_ref_count)
+    if (h->short_ref_count && !h->last_pic_for_ec.f.data[0]) {
+        ff_h264_unref_picture(h, &h->last_pic_for_ec);
         ff_h264_ref_picture(h, &h->last_pic_for_ec, h->short_ref[0]);
+    }
 
     for (i = 0; i < h->short_ref_count; i++) {
         unreference_pic(h, h->short_ref[i], 0);