[FFmpeg-cvslog] parser: fix large overreads
Michael Niedermayer
git at videolan.org
Sun Oct 6 19:06:13 CEST 2013
ffmpeg | branch: release/0.7 | Michael Niedermayer <michaelni at gmx.at> | Wed Oct 3 16:06:23 2012 +0200| [9c713f30e4913a28d93eb37ea5db7f62be4c0ef6] | committer: Reinhard Tartler
parser: fix large overreads
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles at gmail.com>
(cherry picked from commit 096abfa15052977eed93f0b5e01afd2d47c53c1f)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9c713f30e4913a28d93eb37ea5db7f62be4c0ef6
---
libavcodec/parser.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/parser.c b/libavcodec/parser.c
index 03f548e..aeabf69 100644
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@@ -261,7 +261,9 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s
if(!new_buffer)
return AVERROR(ENOMEM);
pc->buffer = new_buffer;
- memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE );
+ if (next > -FF_INPUT_BUFFER_PADDING_SIZE)
+ memcpy(&pc->buffer[pc->index], *buf,
+ next + FF_INPUT_BUFFER_PADDING_SIZE);
pc->index = 0;
*buf= pc->buffer;
}
More information about the ffmpeg-cvslog
mailing list