[FFmpeg-cvslog] parser: fix large overreads

Michael Niedermayer git at videolan.org
Sun Apr 7 15:38:18 CEST 2013


ffmpeg | branch: release/0.10 | Michael Niedermayer <michaelni at gmx.at> | Wed Oct  3 16:06:23 2012 +0200| [f82e127dd9c7c0d54bf6400f83c7825e571f9a9e] | committer: Luca Barbato

parser: fix large overreads

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles at gmail.com>

(cherry picked from commit 096abfa15052977eed93f0b5e01afd2d47c53c1f)

Signed-off-by: Luca Barbato <lu_zero at gentoo.org>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f82e127dd9c7c0d54bf6400f83c7825e571f9a9e
---

 libavcodec/parser.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/parser.c b/libavcodec/parser.c
index 9fd7af6..1bb5f8c 100644
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@@ -261,7 +261,9 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s
         if(!new_buffer)
             return AVERROR(ENOMEM);
         pc->buffer = new_buffer;
-        memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE );
+        if (next > -FF_INPUT_BUFFER_PADDING_SIZE)
+            memcpy(&pc->buffer[pc->index], *buf,
+                   next + FF_INPUT_BUFFER_PADDING_SIZE);
         pc->index = 0;
         *buf= pc->buffer;
     }



More information about the ffmpeg-cvslog mailing list