From 0cb3cab3431276c9339df91bfdbf30510d784a6c Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Wed, 13 Feb 2013 21:04:42 +0100
Subject: [PATCH] eamad: allocate a dummy reference frame when the real one is
 missing

Fixes invalid reads when the first frame is not an I-frame.

CC:libav-stable@libav.org
(cherry picked from commit 7b89cd20d844cbe763ca34e63e99d110043cf241)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
---
 libavcodec/eamad.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c
index cf44ae98e3..bb4c7babde 100644
--- a/libavcodec/eamad.c
+++ b/libavcodec/eamad.c
@@ -264,6 +264,21 @@ static int decode_frame(AVCodecContext *avctx,
         }
     }
 
+    if (inter && !s->last_frame.data[0]) {
+        int ret;
+        av_log(avctx, AV_LOG_WARNING, "Missing reference frame.\n");
+        s->last_frame.reference = 1;
+        ret = ff_get_buffer(avctx, &s->last_frame);
+        if (ret < 0)
+            return ret;
+        memset(s->last_frame.data[0], 0, s->last_frame.height *
+               s->last_frame.linesize[0]);
+        memset(s->last_frame.data[1], 0x80, s->last_frame.height / 2 *
+               s->last_frame.linesize[1]);
+        memset(s->last_frame.data[2], 0x80, s->last_frame.height / 2 *
+               s->last_frame.linesize[2]);
+    }
+
     av_fast_padded_malloc(&s->bitstream_buf, &s->bitstream_buf_size,
                           buf_end - buf);
     if (!s->bitstream_buf)