[FFmpeg-cvslog] h264: don't leave stale pointers in delayed_pic in flush_changes.

Michael Niedermayer git at videolan.org
Mon Jan 14 03:05:14 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Jan 14 02:54:16 2013 +0100| [aaa7d2fafcc375d8cdef25a289008821c9c2fbaa] | committer: Michael Niedermayer

h264: don't leave stale pointers in delayed_pic in flush_changes.

Fixes null pointer dereference & assertion failure

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aaa7d2fafcc375d8cdef25a289008821c9c2fbaa
---

 libavcodec/h264.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 3b7ad98..d8d438e 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -2153,12 +2153,19 @@ static void idr(H264Context *h)
 /* forget old pics after a seek */
 static void flush_change(H264Context *h)
 {
+    int i, j;
+
     h->outputed_poc = h->next_outputed_poc = INT_MIN;
     h->prev_interlaced_frame = 1;
     idr(h);
     h->prev_frame_num = -1;
-    if (h->s.current_picture_ptr)
+    if (h->s.current_picture_ptr) {
         h->s.current_picture_ptr->f.reference = 0;
+        for (j=i=0; h->delayed_pic[i]; i++)
+            if (h->delayed_pic[i] != h->s.current_picture_ptr)
+                h->delayed_pic[j++] = h->delayed_pic[i];
+        h->delayed_pic[j] = NULL;
+    }
     h->s.first_field = 0;
     memset(h->ref_list[0], 0, sizeof(h->ref_list[0]));
     memset(h->ref_list[1], 0, sizeof(h->ref_list[1]));
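
Review bot: The compaction loop `for (j=i=0; h->delayed_pic[i]; i++)` added to flush_change() stops only when it reaches a NULL entry, so it relies on delayed_pic always being NULL-terminated, and nothing in the visible lines shows where that is guaranteed. Consider also bounding `i` by the array size (for example with FF_ARRAY_ELEMS(h->delayed_pic)) so that a completely filled array cannot be read past its end. A short comment above the loop stating why the current picture has to be dropped from delayed_pic at this point would help future readers, because the commit message names the symptoms (null pointer dereference, assertion failure) but the code does not say which later use of the stale entry it prevents. Minor: the subject line says flush_changes while the function is flush_change.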


