From aaa7d2fafcc375d8cdef25a289008821c9c2fbaa Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 14 Jan 2013 02:54:16 +0100
Subject: [PATCH] h264: don t leave stale pointers in delayed_pic in flush_changes.
Fixes null pointer dereference & assertion failure
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/h264.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 3b7ad98b99..d8d438e0c8 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -2153,12 +2153,19 @@ static void idr(H264Context *h)
 /* forget old pics after a seek */
 static void flush_change(H264Context *h)
 {
+ int i, j;
+
 h->outputed_poc = h->next_outputed_poc = INT_MIN;
 h->prev_interlaced_frame = 1;
 idr(h);
 h->prev_frame_num = -1;
- if (h->s.current_picture_ptr)
+ if (h->s.current_picture_ptr) {
 h->s.current_picture_ptr->f.reference = 0;
+ for (j=i=0; h->delayed_pic[i]; i++)
+ if (h->delayed_pic[i] != h->s.current_picture_ptr)
+ h->delayed_pic[j++] = h->delayed_pic[i];
+ h->delayed_pic[j] = NULL;
+ }
 h->s.first_field = 0;
 memset(h->ref_list[0], 0, sizeof(h->ref_list[0]));
 memset(h->ref_list[1], 0, sizeof(h->ref_list[1]));
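Review bot: The compaction loop added to flush_change() stops only when it reads a NULL entry, so it depends on h->delayed_pic always carrying a terminator. The array's declaration is outside this hunk, but if it is a fixed-size array that can ever be completely filled, both the read at `h->delayed_pic[i]` and the final `h->delayed_pic[j] = NULL;` would step past its end. Since the commit message reports a null pointer dereference and an assertion failure on this path, I would bound the scan explicitly, e.g. `for (j = i = 0; i < FF_ARRAY_ELEMS(h->delayed_pic) - 1 && h->delayed_pic[i]; i++)`, which keeps the last slot free for the terminator. A short comment above the loop, such as `/* remove the picture just marked unreferenced so delayed_pic holds no stale pointer to it */`, would also record why only that pointer is filtered out. The body of flush_change() continues past the end of the hunk.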