From c5a738ca4e9789b4678b10240777d931e7dc24c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Storsj=C3=B6?= <martin@martin.st>
Date: Fri, 1 Mar 2013 16:45:24 +0200
Subject: [PATCH 1/2] flvdec: Check the return value of a malloc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The callers of this function can't report errors sanely. If this
one malloc fails, don't write the extradata byte, make sure we
try to malloc it the next time we're called instead, and make sure
we still consume the input data byte.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavformat/flvdec.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index e45a9a2bfa..403a9b5089 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -213,10 +213,14 @@ static int flv_set_video_codec(AVFormatContext *s, AVStream *vstream, int flv_co
                 vcodec->codec_id = AV_CODEC_ID_VP6A;
             if (read) {
                 if (vcodec->extradata_size != 1) {
-                    vcodec->extradata_size = 1;
                     vcodec->extradata = av_malloc(1);
+                    if (vcodec->extradata)
+                        vcodec->extradata_size = 1;
                 }
-                vcodec->extradata[0] = avio_r8(s->pb);
+                if (vcodec->extradata)
+                    vcodec->extradata[0] = avio_r8(s->pb);
+                else
+                    avio_skip(s->pb, 1);
             }
             return 1; // 1 byte body size adjustment for flv_read_packet()
         case FLV_CODECID_H264:

From e671d3ad6cd7fe1d02e9b35b889a25d8c059fce9 Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Thu, 14 Feb 2013 11:41:10 +0100
Subject: [PATCH 2/2] h264: do not copy ref count/ref2frm when updating
 per-frame context

They are filled in decode_slice_header() anyway.
---
 libavcodec/h264.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index a20a6f7b55..d816835cbf 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -1563,8 +1563,6 @@ static int decode_update_thread_context(AVCodecContext *dst,
     copy_fields(h, h1, poc_lsb, redundant_pic_count);
 
     // reference lists
-    copy_fields(h, h1, ref_count, list_count);
-    copy_fields(h, h1, ref2frm, intra_gb);
     copy_fields(h, h1, short_ref, cabac_init_idc);
 
     copy_picture_range(h->short_ref, h1->short_ref, 32, h, h1);