[FFmpeg-devel] [PATCH 2/2] avformat/oggdec: Reallocate buffer before writing into it

Fri May 1 16:16:57 EEST 2020

Fixes: out of array write
Fixes: Regression since f619e1ec66b89215582eff4404b681b760540b4f

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavformat/oggdec.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
index a9034ea61c..7dd48af66c 100644
--- a/libavformat/oggdec.c
+++ b/libavformat/oggdec.c
@@ -441,6 +441,12 @@ static int ogg_read_page(AVFormatContext *s, int *sid, int probing)
 
         os = ogg->streams + idx;
 
+        ret = buf_realloc(os, size);
+        if (ret < 0) {
+            av_free(readout_buf);
+            return ret;
+        }
+
         memcpy(os->buf + os->bufpos, readout_buf, size);
         av_free(readout_buf);
     }
-- 
2.17.1

