From f96fdb46b773eadcfa5de34e800ec456c0e545b9 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Wed, 8 Apr 2015 12:29:47 +0200
Subject: [PATCH] avcodec/h264_slice: Dont reset mb_aff_frame per slice

Fixes null pointer dereference
Fixes Ticket4440

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 386601286fed2dff5e1955bc21a0256f6f35ab19)

Conflicts:

	libavcodec/h264_slice.c
(cherry picked from commit ce6d38e9ed0842870f3cd5414937bb6d1f2417d9)
---
 libavcodec/h264_slice.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index 560b24f9e6..b667da3956 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1307,6 +1307,7 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
     int field_pic_flag, bottom_field_flag;
     int first_slice = h == h0 && !h0->current_slice;
     int frame_num, picture_structure, droppable;
+    int mb_aff_frame, last_mb_aff_frame;
     PPS *pps;
 
     h->qpel_put = h->h264qpel.put_h264_qpel_pixels_tab;
@@ -1531,7 +1532,8 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
     }
 
     h->mb_mbaff        = 0;
-    h->mb_aff_frame    = 0;
+    mb_aff_frame       = 0;
+    last_mb_aff_frame  = h0->mb_aff_frame;
     last_pic_structure = h0->picture_structure;
     last_pic_droppable = h0->droppable;
     droppable          = h->nal_ref_idc == 0;
@@ -1549,12 +1551,13 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
             picture_structure = PICT_TOP_FIELD + bottom_field_flag;
         } else {
             picture_structure = PICT_FRAME;
-            h->mb_aff_frame      = h->sps.mb_aff;
+            mb_aff_frame      = h->sps.mb_aff;
         }
     }
     if (h0->current_slice) {
         if (last_pic_structure != picture_structure ||
-            last_pic_droppable != droppable) {
+            last_pic_droppable != droppable ||
+            last_mb_aff_frame  != mb_aff_frame) {
             av_log(h->avctx, AV_LOG_ERROR,
                    "Changing field mode (%d -> %d) between slices is not allowed\n",
                    last_pic_structure, h->picture_structure);
@@ -1570,6 +1573,7 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
     h->picture_structure = picture_structure;
     h->droppable         = droppable;
     h->frame_num         = frame_num;
+    h->mb_aff_frame      = mb_aff_frame;
     h->mb_field_decoding_flag = picture_structure != PICT_FRAME;
 
     if (h0->current_slice == 0) {