[FFmpeg-cvslog] avcodec/a64multienc: don't set incorrect packet size

Michael Niedermayer git at videolan.org
Sat Mar 21 02:30:03 CET 2015


ffmpeg | branch: release/2.5 | Michael Niedermayer <michaelni at gmx.at> | Mon Feb 23 01:21:30 2015 +0100| [804e1e1610528ac8cbe9dec389e14eabde359997] | committer: Michael Niedermayer

avcodec/a64multienc: don't set incorrect packet size

This fixes invalid reads of the packet buffer in av_dup_packet

Based on patch by Andreas Cadhalpun <andreas.cadhalpun at googlemail.com>

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit d96142e9af92ded84f2580620c571ab96c4bb657)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=804e1e1610528ac8cbe9dec389e14eabde359997
---

 libavcodec/a64multienc.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c
index 60644a2..889e8eb 100644
--- a/libavcodec/a64multienc.c
+++ b/libavcodec/a64multienc.c
@@ -336,8 +336,8 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
         req_size = 0;
         /* any frames to encode? */
         if (c->mc_lifetime) {
-            req_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
-            if ((ret = ff_alloc_packet2(avctx, pkt, req_size)) < 0)
+            int alloc_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
+            if ((ret = ff_alloc_packet2(avctx, pkt, alloc_size)) < 0)
                 return ret;
             buf = pkt->data;
 
@@ -353,6 +353,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
 
             /* advance pointers */
             buf      += charset_size;
+            req_size += charset_size;
         }
 
         /* write x frames to buf */



More information about the ffmpeg-cvslog mailing list