From e9d443cf08503f7bd0149576ba9e891322de340d Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 25 Jan 2013 00:41:16 +0100
Subject: [PATCH] eacmv: Free frames on resolution changes

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/eacmv.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index a129161386b..33c614588d4 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -132,8 +132,13 @@ static void cmv_process_header(CmvContext *s, const uint8_t *buf, const uint8_t
 
     s->width  = AV_RL16(&buf[4]);
     s->height = AV_RL16(&buf[6]);
-    if (s->avctx->width!=s->width || s->avctx->height!=s->height)
+    if (s->avctx->width!=s->width || s->avctx->height!=s->height) {
         avcodec_set_dimensions(s->avctx, s->width, s->height);
+        if (s->frame.data[0])
+            s->avctx->release_buffer(s->avctx, &s->frame);
+        if (s->last_frame.data[0])
+            s->avctx->release_buffer(s->avctx, &s->last_frame);
+    }
 
     s->avctx->time_base.num = 1;
     s->avctx->time_base.den = AV_RL16(&buf[10]);
-- 
2.39.5