avcodec picture copy heap-buffer-overflow
https://wowzaec2demo.streamlock.net/vod-multitrack/_definst_/smil:ElephantsDream/elephantsdream2.smil/playlist.m3u
=================================================================
==6610==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63000034f74f at pc 0x7f669c45ebe7 bp 0x7f6660706630 sp 0x7f6660705dd8
READ of size 384 at 0x63000034f74f thread T53
#0 0x7f669c45ebe6 (/lib64/libasan.so.5+0x40be6)
#1 0x7f66630ed2e8 in lavc_CopyPicture codec/avcodec/video.c:435
#2 0x7f66630fc01b in DecodeBlock codec/avcodec/video.c:1259
#3 0x7f66630fd56b in DecodeVideo codec/avcodec/video.c:1356
#4 0x7f669b685009 in DecoderDecode input/decoder.c:1307
#5 0x7f669b68605d in DecoderProcess input/decoder.c:1430
#6 0x7f669b6893ac in DecoderThread input/decoder.c:1690
#7 0x7f669a1d858d in start_thread (/lib64/libpthread.so.0+0x858d)
#8 0x7f669a107682 in clone (/lib64/libc.so.6+0xfd682)
0x63000034f74f is located 0 bytes to the right of 62287-byte region [0x630000340400,0x63000034f74f)
allocated by thread T49 here:
#0 0x7f669c50ea20 in __interceptor_posix_memalign (/lib64/libasan.so.5+0xf0a20)
#1 0x7f6663a4b116 in av_malloc libavutil/mem.c:87
Thread T53 created by T12 here:
#0 0x7f669c470f63 in __interceptor_pthread_create (/lib64/libasan.so.5+0x52f63)
#1 0x7f669b90f35f in vlc_clone_attr posix/thread.c:421
#2 0x7f669b90f54a in vlc_clone posix/thread.c:433
#3 0x7f669b68ecb8 in decoder_New input/decoder.c:2069
#4 0x7f669b68ee23 in input_DecoderNew input/decoder.c:2091
#5 0x7f669b6bf1c7 in EsOutCreateDecoder input/es_out.c:1824
#6 0x7f669b6c0d3e in EsOutSelectEs input/es_out.c:1937
#7 0x7f669b6c42a0 in EsOutSelect input/es_out.c:2169
#8 0x7f669b6ca166 in EsOutVaControlLocked input/es_out.c:2528
#9 0x7f669b6d5112 in EsOutControl input/es_out.c:3196
#10 0x7f669b6dc7d1 in es_out_vaControl ../include/vlc_es_out.h:158
#11 0x7f669b6dc8f1 in es_out_Control ../include/vlc_es_out.h:167
#12 0x7f669b6f0835 in CmdExecuteControl input/es_out_timeshift.c:1556
#13 0x7f669b6e16dd in ControlLocked input/es_out_timeshift.c:638
#14 0x7f669b6e3865 in Control input/es_out_timeshift.c:764
#15 0x7f669b6f461e in es_out_vaControl ../include/vlc_es_out.h:158
#16 0x7f669b6f473e in es_out_Control ../include/vlc_es_out.h:167
#17 0x7f669b6f8351 in es_out_SetMode input/es_out.h:97
#18 0x7f669b7082cd in InitPrograms input/input.c:1335
#19 0x7f669b7091f4 in Init input/input.c:1416
#20 0x7f669b6fdcc7 in Run input/input.c:563
#21 0x7f669a1d858d in start_thread (/lib64/libpthread.so.0+0x858d)
Thread T12 created by T0 here:
#0 0x7f669c470f63 in __interceptor_pthread_create (/lib64/libasan.so.5+0x52f63)
#1 0x7f669b90f35f in vlc_clone_attr posix/thread.c:421
#2 0x7f669b90f54a in vlc_clone posix/thread.c:433
#3 0x7f669b6f9140 in input_Start input/input.c:200
#4 0x7f669b72cc4f in vlc_player_input_Start input/player.c:703
#5 0x7f669b74c8cc in vlc_player_Start input/player.c:2207
#6 0x7f669b622411 in vlc_playlist_Start playlist/player.c:164
#7 0x7f669b5e983c in libvlc_InternalPlay interface/interface.c:269
#8 0x7f669c332beb in libvlc_playlist_play /home/fcartegn/vlcsource/vlc/lib/playlist.c:38
#9 0x40333e in main /home/fcartegn/vlcsource/vlc/bin/vlc.c:248
#10 0x7f669a02e412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Thread T49 created by T12 here:
#0 0x7f669c470f63 in __interceptor_pthread_create (/lib64/libasan.so.5+0x52f63)
#1 0x7f66633c1db1 in ff_frame_thread_init libavcodec/pthread_frame.c:828
SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.5+0x40be6)
==6610==ABORTING