[FFmpeg-cvslog] shorten: fix "off by padding" bug

Michael Niedermayer git at videolan.org
Thu Jan 16 02:46:58 CET 2014


ffmpeg | branch: release/1.2 | Michael Niedermayer <michaelni at gmx.at> | Wed May 22 17:39:22 2013 +0200| [dee327b0e70d7051ed0d349974e88bd1ec8a246c] | committer: Michael Niedermayer

shorten: fix "off by padding" bug

Fixes array overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit ad22767cb61cdc75541b21154d65fd1ad6351025)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dee327b0e70d7051ed0d349974e88bd1ec8a246c
---

 libavcodec/shorten.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 5765fa4..af17d9d 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -437,7 +437,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data,
         buf_size       = FFMIN(buf_size, s->max_framesize - s->bitstream_size);
         input_buf_size = buf_size;
 
-        if (s->bitstream_index + s->bitstream_size + buf_size >
+        if (s->bitstream_index + s->bitstream_size + buf_size + FF_INPUT_BUFFER_PADDING_SIZE >
             s->allocated_bitstream_size) {
             memmove(s->bitstream, &s->bitstream[s->bitstream_index],
                     s->bitstream_size);
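Review bot: The new condition correctly reserves FF_INPUT_BUFFER_PADDING_SIZE bytes beyond the appended data, but the hunk only shows the memmove side of the branch; the allocation (or reallocation) of s->bitstream that this comparison guards against must size s->allocated_bitstream_size with the same padding included, otherwise the padded read that this fix is meant to protect (the "array overread" named in the message) can still fall past the end of the buffer after a compaction that leaves the data flush with the end. It would help to confirm in the same commit that every path writing s->allocated_bitstream_size accounts for the padding, and to add a one-line comment above the `if` explaining that the padding is reserved for the bitstream reader, since the bare constant in the comparison otherwise reads as an arbitrary fudge factor. The sum itself is safe from overflow here because `buf_size = FFMIN(buf_size, s->max_framesize - s->bitstream_size)` bounds it above.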
