[FFmpeg-cvslog] avutil/mem: Fix potential overflow in overallocation code
Michael Niedermayer
git at videolan.org
Sat Jul 11 23:44:39 CEST 2015
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Jul 11 22:47:09 2015 +0200| [b3415e4c5f9205820fd6c9211ad50a4df2692a36] | committer: Michael Niedermayer
avutil/mem: Fix potential overflow in overallocation code
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b3415e4c5f9205820fd6c9211ad50a4df2692a36
---
libavutil/mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavutil/mem.c b/libavutil/mem.c
index da291fb..d828ccc 100644
--- a/libavutil/mem.c
+++ b/libavutil/mem.c
@@ -480,7 +480,7 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size)
if (min_size < *size)
return ptr;
- min_size = FFMAX(17 * min_size / 16 + 32, min_size);
+ min_size = FFMAX(min_size + min_size / 16 + 32, min_size);
ptr = av_realloc(ptr, min_size);
/* we could set this to the unmodified min_size but this is safer
@@ -500,7 +500,7 @@ static inline int ff_fast_malloc(void *ptr, unsigned int *size, size_t min_size,
if (min_size < *size)
return 0;
- min_size = FFMAX(17 * min_size / 16 + 32, min_size);
+ min_size = FFMAX(min_size + min_size / 16 + 32, min_size);
av_freep(ptr);
val = zero_realloc ? av_mallocz(min_size) : av_malloc(min_size);
memcpy(ptr, &val, sizeof(val));
More information about the ffmpeg-cvslog
mailing list