avcodec/svq3: Dont memcpy AVFrame

This avoids out of array accesses Fixes: asan_heap-uaf_21f42e4_9_asan_heap-uaf_21f42e4_278_gl2.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

avcodec/svq3: Dont memcpy AVFrame
This avoids out of array accesses Fixes: asan_heap-uaf_21f42e4_9_asan_heap-uaf_21f42e4_278_gl2.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
075a165d · Michael Niedermayer · c727401a · 075a165d
Commit 075a165d authored Oct 03, 2014 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

svq3.c libavcodec/svq3.c +1 -1

No files found.
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1176,7 +1176,7 @@ static int svq3_decode_frame(AVCodecContext *avctx, void *data,
    h->cur_pic_ptr = s->cur_pic;
    av_frame_unref(&h->cur_pic.f);
-    h->cur_pic     = *s->cur_pic;
+    memcpy(&h->cur_pic.tf, &s->cur_pic->tf, sizeof(h->cur_pic) - offsetof(H264Picture, tf));
    ret = av_frame_ref(&h->cur_pic.f, &s->cur_pic->f);
    if (ret < 0)
        return ret;