[FFmpeg-cvslog] avcodec/a64multienc: don't set incorrect packet size
Michael Niedermayer
git at videolan.org
Mon Feb 23 02:26:47 CET 2015
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Feb 23 01:21:30 2015 +0100| [d96142e9af92ded84f2580620c571ab96c4bb657] | committer: Michael Niedermayer
avcodec/a64multienc: don't set incorrect packet size
This fixes invalid reads of the packet buffer in av_dup_packet
Based on patch by Andreas Cadhalpun <andreas.cadhalpun at googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d96142e9af92ded84f2580620c571ab96c4bb657
---
libavcodec/a64multienc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c
index dfb4414..16fb2d6 100644
--- a/libavcodec/a64multienc.c
+++ b/libavcodec/a64multienc.c
@@ -336,8 +336,8 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
req_size = 0;
/* any frames to encode? */
if (c->mc_lifetime) {
- req_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
- if ((ret = ff_alloc_packet2(avctx, pkt, req_size)) < 0)
+ int alloc_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
+ if ((ret = ff_alloc_packet2(avctx, pkt, alloc_size)) < 0)
return ret;
buf = pkt->data;
@@ -359,6 +359,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
/* advance pointers */
buf += charset_size;
+ req_size += charset_size;
}
/* write x frames to buf */
More information about the ffmpeg-cvslog
mailing list