[FFmpeg-devel] [PATCH 02/41] avformat/avidec: use ff_alloc_extradata()
Paul B Mahol
onemda at gmail.com
Sun Oct 13 16:52:17 CEST 2013
On 10/13/13, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Sun, Oct 13, 2013 at 12:48:23PM +0000, Paul B Mahol wrote:
>> Signed-off-by: Paul B Mahol <onemda at gmail.com>
>> ---
>> libavformat/avidec.c | 12 ++----------
>> 1 file changed, 2 insertions(+), 10 deletions(-)
>>
>> diff --git a/libavformat/avidec.c b/libavformat/avidec.c
>> index 44ab9d9..1a40e94 100644
>> --- a/libavformat/avidec.c
>> +++ b/libavformat/avidec.c
>> @@ -648,12 +648,8 @@ static int avi_read_header(AVFormatContext *s)
>> st->codec->extradata_size = esize - 10 * 4;
>> } else
>> st->codec->extradata_size = size - 10 * 4;
>> - st->codec->extradata =
>> av_malloc(st->codec->extradata_size +
>> -
>> FF_INPUT_BUFFER_PADDING_SIZE);
>> - if (!st->codec->extradata) {
>> - st->codec->extradata_size = 0;
>> + if (ff_alloc_extradata(st->codec,
>> st->codec->extradata_size))
>
> code like this together with
> + if (size >= INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE)
> + return AVERROR(EINVAL);
>
> could leave extradata_size inconsistent with extradata
>
> either ff_alloc_extradata( ) or callers should be changed to avoid
> this
changed ff_alloc_extradata to set extradata_size to 0.
>
> [...]
>
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> During times of universal deceit, telling the truth becomes a
> revolutionary act. -- George Orwell
>
More information about the ffmpeg-devel
mailing list