[FFmpeg-cvslog] Fix a heap-buffer-overflow

Thierry Foucu git at videolan.org
Thu Jan 26 08:48:22 CET 2012


ffmpeg | branch: master | Thierry Foucu <tfoucu at gmail.com> | Wed Jan 25 15:46:14 2012 -0800| [10e9d1f76b4bec7a3c581ab7ac494f55acc6f24d] | committer: Michael Niedermayer

Fix a heap-buffer-overflow

In some cases, what is left to read from ptr is smaller than EXTRABYTES.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=10e9d1f76b4bec7a3c581ab7ac494f55acc6f24d
---

 libavcodec/mpegaudiodec.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index 51b1970..f976433 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -1385,7 +1385,8 @@ static int mp_decode_layer3(MPADecodeContext *s)
         av_dlog(s->avctx, "seekback: %d\n", main_data_begin);
     //av_log(NULL, AV_LOG_ERROR, "backstep:%d, lastbuf:%d\n", main_data_begin, s->last_buf_size);
 
-        memcpy(s->last_buf + s->last_buf_size, ptr, EXTRABYTES);
+        memcpy(s->last_buf + s->last_buf_size, ptr,
+               FFMIN(EXTRABYTES, (s->gb.size_in_bits - get_bits_count(&s->gb))>>3));
         s->in_gb = s->gb;
         init_get_bits(&s->gb, s->last_buf, s->last_buf_size*8);
 #if !UNCHECKED_BITSTREAM_READER
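Review bot: the new length in the memcpy, `(s->gb.size_in_bits - get_bits_count(&s->gb))>>3`, has no lower bound. If the reader has already consumed more bits than size_in_bits (possible at least in the unchecked-reader build that the `#if !UNCHECKED_BITSTREAM_READER` line below implies), the difference is negative, FFMIN selects it over EXTRABYTES, and it reaches memcpy converted to a very large size_t. Clamp it before the copy, for example `FFMAX(0, FFMIN(EXTRABYTES, ...))`, or compute the remaining byte count into a named local and skip the copy when it is not positive. Two smaller points: when fewer than EXTRABYTES bytes are copied, the tail of the padding after s->last_buf + s->last_buf_size keeps whatever it held before, so consider zeroing the remainder; and the commit message would be more useful if it said which input condition leaves less than EXTRABYTES readable from ptr.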


