[libav-stable] shorten: pad the internal bitstream buffer

Anton Khirnov git at libav.org
Tue Feb 4 22:06:51 CET 2014


Module: libav
Branch: master
Commit: 1713eec29add37b654ec6bf262b843d139c1ffc6

Author:    Anton Khirnov <anton at khirnov.net>
Committer: Anton Khirnov <anton at khirnov.net>
Date:      Thu Nov 28 10:54:35 2013 +0100

shorten: pad the internal bitstream buffer

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org

---

 libavcodec/shorten.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 992e01b..c465fff 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -431,7 +431,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data,
         void *tmp_ptr;
         s->max_framesize = 1024; // should hopefully be enough for the first header
         tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size,
-                                  s->max_framesize);
+                                  s->max_framesize + FF_INPUT_BUFFER_PADDING_SIZE);
         if (!tmp_ptr) {
             av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n");
             return AVERROR(ENOMEM);



More information about the libav-stable mailing list