From 330863c9f19a23c500ba7901a23f1cc377b353bb Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Tue, 30 Jun 2015 19:37:12 +0200
Subject: [PATCH] avcodec/h264_slice: Use w/h from the AVFrame instead of
 mb_w/h

Fixes out of array access
Fixes: asan_heap-oob_4d5bb0_682_cov_3124593265_Fraunhofer__a_driving_force_in_innovation__small.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/h264_slice.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index f755b96f2e..35ef7bf8d3 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1579,8 +1579,8 @@ int ff_h264_decode_slice_header(H264Context *h, H264SliceContext *sl)
                                   (const uint8_t **)prev->f->data,
                                   prev->f->linesize,
                                   prev->f->format,
-                                  h->mb_width  * 16,
-                                  h->mb_height * 16);
+                                  prev->f->width,
+                                  prev->f->height);
                     h->short_ref[0]->poc = prev->poc + 2;
                 }
                 h->short_ref[0]->frame_num = h->prev_frame_num;