Fix a heap-buffer-overflow

In some case, what left to read from ptr is smaller than EXTRABYTES. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fix a heap-buffer-overflow
In some case, what left to read from ptr is smaller than EXTRABYTES. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10e9d1f7 · Thierry Foucu · Michael Niedermayer · 3c5fe5b5 · 10e9d1f7
Commit 10e9d1f7 authored Jan 25, 2012 by Thierry Foucu Committed by Michael Niedermayer Jan 26, 2012
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

mpegaudiodec.c libavcodec/mpegaudiodec.c +2 -1

No files found.
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -1385,7 +1385,8 @@ static int mp_decode_layer3(MPADecodeContext *s)
        av_dlog(s->avctx, "seekback: %d\n", main_data_begin);
    //av_log(NULL, AV_LOG_ERROR, "backstep:%d, lastbuf:%d\n", main_data_begin, s->last_buf_size);

-        memcpy(s->last_buf + s->last_buf_size, ptr, EXTRABYTES);
+        memcpy(s->last_buf + s->last_buf_size, ptr,
+               FFMIN(EXTRABYTES, (s->gb.size_in_bits - get_bits_count(&s->gb))>>3));
        s->in_gb = s->gb;
        init_get_bits(&s->gb, s->last_buf, s->last_buf_size*8);
 #if !UNCHECKED_BITSTREAM_READER