avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata()

Fixes out of array read Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata()
Fixes out of array read Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
3d5d95db · Michael Niedermayer · 0eecf409 · 3d5d95db
Commit 3d5d95db authored Nov 25, 2014 by Michael Niedermayer
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

utils.c libavcodec/utils.c +5 -0

No files found.
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -3731,6 +3731,11 @@ int avpriv_bprint_to_extradata(AVCodecContext *avctx, struct AVBPrint *buf)
    ret = av_bprint_finalize(buf, &str);
    if (ret < 0)
        return ret;
+    if (!av_bprint_is_complete(buf)) {
+        av_free(str);
+        return AVERROR(ENOMEM);
+    }
    avctx->extradata = str;
    /* Note: the string is NUL terminated (so extradata can be read as a
     * string), but the ending character is not accounted in the size (in