From acafbb4dd26014305bae331d80b9ba7b918d8b8a Mon Sep 17 00:00:00 2001
From: "Ronald S. Bultje" <rsbultje@gmail.com>
Date: Mon, 23 Dec 2013 21:40:13 -0500
Subject: [PATCH] vp9: fix crash if segmentation=1, keyframe/intraonly=1 and
 updatemap=0.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The reference map is never used in such cases, but we accidently copied
it anyway. This could cause crashes if this map has not yet been
allocated. Fixes trac ticket 3188.

Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/vp9.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index 88c5bc61b0..78b8d2c23b 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -264,7 +264,8 @@ static int vp9_alloc_frame(AVCodecContext *ctx, VP9Frame *f)
     f->mv = (struct VP9mvrefPair *) (f->extradata->data + sz);
 
     // retain segmentation map if it doesn't update
-    if (s->segmentation.enabled && !s->segmentation.update_map) {
+    if (s->segmentation.enabled && !s->segmentation.update_map &&
+        !s->keyframe && !s->intraonly) {
         memcpy(f->segmentation_map, s->frames[LAST_FRAME].segmentation_map, sz);
     }