[Ffmpeg-devel] Memory corruption playing invalid h264 file

[Uoti Urpala]

I got memory corruption leading to a crash when playing a corrupted h264
file. It seems the reason was mpegvideo.c ff_find_unused_picture()
returning -1 when it fails to find an unused one (after assert(0), but
asserts are disabled). Code calling ff_find_unused_picture() does not
check the return value and proceeds to write to s->picture[-1].