From d9226b3717fda04c5cde8f51c4dc85fa735b1909 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 12 Jan 2013 04:45:21 +0100
Subject: [PATCH] mpegvideo: dont leave stale pointers in next/last picture

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/mpegvideo.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index 4609b0b7314..4fd8062a0b1 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -1496,6 +1496,8 @@ int ff_MPV_frame_start(MpegEncContext *s, AVCodecContext *avctx)
         }
     }
 
+    memset(s->last_picture.f.data, 0, sizeof(s->last_picture.f.data));
+    memset(s->next_picture.f.data, 0, sizeof(s->next_picture.f.data));
     if (s->last_picture_ptr)
         ff_copy_picture(&s->last_picture, s->last_picture_ptr);
     if (s->next_picture_ptr)
-- 
GitLab