[FFmpeg-cvslog] avutil/mem: Fix potential overflow in overallocation code

Michael Niedermayer git at videolan.org
Sat Jul 11 23:44:39 CEST 2015


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Jul 11 22:47:09 2015 +0200| [b3415e4c5f9205820fd6c9211ad50a4df2692a36] | committer: Michael Niedermayer

avutil/mem: Fix potential overflow in overallocation code

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b3415e4c5f9205820fd6c9211ad50a4df2692a36
---

 libavutil/mem.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavutil/mem.c b/libavutil/mem.c
index da291fb..d828ccc 100644
--- a/libavutil/mem.c
+++ b/libavutil/mem.c
@@ -480,7 +480,7 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size)
     if (min_size < *size)
         return ptr;
 
-    min_size = FFMAX(17 * min_size / 16 + 32, min_size);
+    min_size = FFMAX(min_size + min_size / 16 + 32, min_size);
 
     ptr = av_realloc(ptr, min_size);
     /* we could set this to the unmodified min_size but this is safer
@@ -500,7 +500,7 @@ static inline int ff_fast_malloc(void *ptr, unsigned int *size, size_t min_size,
 
     if (min_size < *size)
         return 0;
-    min_size = FFMAX(17 * min_size / 16 + 32, min_size);
+    min_size = FFMAX(min_size + min_size / 16 + 32, min_size);
     av_freep(ptr);
     val = zero_realloc ? av_mallocz(min_size) : av_malloc(min_size);
     memcpy(ptr, &val, sizeof(val));



More information about the ffmpeg-cvslog mailing list