From 373fd76b4dbd9aa03ed28e502f33f2ca8c1ce19a Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Sun, 18 Dec 2016 22:06:32 +0100
Subject: [PATCH] hevcdec: do not set decoder-global SPS prematurely

It should only be set after the decoder state has been fully initialized
for using that SPS.
Fixes possible invalid reads on get_format() failure.

CC: libav-stable@libav.org
---
 libavcodec/hevcdec.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index 27fd6832ab2..147243e3fe5 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -479,17 +479,16 @@ static int hls_slice_header(HEVCContext *s)
     s->ps.pps = (HEVCPPS*)s->ps.pps_list[sh->pps_id]->data;
 
     if (s->ps.sps != (HEVCSPS*)s->ps.sps_list[s->ps.pps->sps_id]->data) {
+        const HEVCSPS *sps = (HEVCSPS*)s->ps.sps_list[s->ps.pps->sps_id]->data;
         enum AVPixelFormat pix_fmt;
 
-        s->ps.sps = (HEVCSPS*)s->ps.sps_list[s->ps.pps->sps_id]->data;
-
         ff_hevc_clear_refs(s);
 
-        pix_fmt = get_format(s, s->ps.sps);
+        pix_fmt = get_format(s, sps);
         if (pix_fmt < 0)
             return pix_fmt;
 
-        ret = set_sps(s, s->ps.sps, pix_fmt);
+        ret = set_sps(s, sps, pix_fmt);
         if (ret < 0)
             return ret;
 
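Review bot: The assignment to `s->ps.pps` on the first line of this hunk still happens before `get_format()` and `set_sps()` can fail, so on both early returns the context is left with the new PPS next to the previous `s->ps.sps` (or whatever `set_sps()` leaves there on error, since its body is not in the hunk). If a later call reads `s->ps.pps` fields against buffers sized for the old SPS, that would be the same class of invalid read this commit fixes for the SPS pointer; this cannot be confirmed from the visible lines. Consider keeping the PPS in a local as well and storing it in `s->ps.pps` only after `set_sps()` succeeds. If `set_sps()` is indeed where `s->ps.sps` is now assigned, a comment above the new local would record the invariant, for example `/* s->ps.sps must not change until set_sps() has set up all per-SPS state */`. hls_slice_header() begins and continues outside the hunk.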
-- 
GitLab