[FFmpeg-devel] [PATCH 02/11] avformat/apngdec: Make sure that extradata is zero-padded

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Tue Dec 10 23:59:46 EET 2019


Zeroing the padding has been forgotten.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavformat/apngdec.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
index c8db9c6e1f..b5696e069c 100644
--- a/libavformat/apngdec.c
+++ b/libavformat/apngdec.c
@@ -127,13 +127,14 @@ static int append_extradata(AVCodecParameters *par, AVIOContext *pb, int len)
     int new_size, ret;
     uint8_t *new_extradata;
 
-    if (previous_size > INT_MAX - len)
+    if (previous_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - len)
         return AVERROR_INVALIDDATA;
 
     new_size = previous_size + len;
     new_extradata = av_realloc(par->extradata, new_size + AV_INPUT_BUFFER_PADDING_SIZE);
     if (!new_extradata)
         return AVERROR(ENOMEM);
+    memset(new_extradata + new_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
     par->extradata = new_extradata;
     par->extradata_size = new_size;
 
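Review bot: The tightened bound `previous_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - len` is only sound when `len` is non-negative. `len` is a plain `int`; for a sufficiently negative value the subtraction itself overflows (undefined behaviour), and for any negative value `new_size` ends up below `previous_size`. No visible line rejects that case and the callers are outside the hunk, so I would make it explicit: `if (len < 0 || previous_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - len)`. Separately, the new memset clears only the padding, while `par->extradata_size` already counts the `len` appended bytes, which are still uninitialised at that point. The read that fills them is past the end of the hunk; on a short or failed read it presumably needs to restore the previous size so stale heap bytes are never handed on as extradata.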
@@ -177,10 +178,9 @@ static int apng_read_header(AVFormatContext *s)
         return ret;
 
     /* extradata will contain every chunk up to the first fcTL (excluded) */
-    st->codecpar->extradata = av_malloc(len + 12 + AV_INPUT_BUFFER_PADDING_SIZE);
-    if (!st->codecpar->extradata)
-        return AVERROR(ENOMEM);
-    st->codecpar->extradata_size = len + 12;
+    ret = ff_alloc_extradata(st->codecpar, len + 12);
+    if (ret < 0)
+        return ret;
     AV_WB32(st->codecpar->extradata,    len);
     AV_WL32(st->codecpar->extradata+4,  tag);
     AV_WB32(st->codecpar->extradata+8,  st->codecpar->width);
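Review bot: The sum `len + 12` is evaluated at the call site, so whatever size validation `ff_alloc_extradata()` performs only sees the result, never `len` itself. The declaration of `len` and any range check on it are above the hunk. If it is the 32-bit chunk length read from the file, confirm that check keeps `len + 12` plus the padding inside `int` range, or add a guard such as `if (len > INT_MAX - 12 - AV_INPUT_BUFFER_PADDING_SIZE) return AVERROR_INVALIDDATA;` before the call. A short comment on the call, e.g. `/* allocates len + 12 bytes and zero-fills the padding */`, would also record why the helper replaced the open-coded `av_malloc()`.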
-- 
2.20.1


