Commit 89d998f1 authored by Michael Niedermayer's avatar Michael Niedermayer

shorten: allocate space for padding

Fixes array overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent d23b8462
...@@ -424,7 +424,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, ...@@ -424,7 +424,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data,
void *tmp_ptr; void *tmp_ptr;
s->max_framesize = 8192; // should hopefully be enough for the first header s->max_framesize = 8192; // should hopefully be enough for the first header
tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size,
s->max_framesize); s->max_framesize + FF_INPUT_BUFFER_PADDING_SIZE);
if (!tmp_ptr) { if (!tmp_ptr) {
av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n"); av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n");
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment