lzf: update pointer p after realloc

This fixes heap-use-after-free detected by AddressSanitizer. Reviewed-by: Luca Barbato <lu_zero@gentoo.org> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>

lzf: update pointer p after realloc
This fixes heap-use-after-free detected by AddressSanitizer. Reviewed-by: Luca Barbato <lu_zero@gentoo.org> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
bb6a7b6f · Andreas Cadhalpun · c0f6eff6 · bb6a7b6f
Commit bb6a7b6f authored Nov 04, 2016 by Andreas Cadhalpun
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

lzf.c libavcodec/lzf.c +2 -0

No files found.
--- a/libavcodec/lzf.c
+++ b/libavcodec/lzf.c
@@ -53,6 +53,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
                ret = av_reallocp(buf, *size);
                if (ret < 0)
                    return ret;
+                p = *buf + len;
            }

            bytestream2_get_buffer(gb, p, s);
@@ -75,6 +76,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
                ret = av_reallocp(buf, *size);
                if (ret < 0)
                    return ret;
+                p = *buf + len;
            }

            av_memcpy_backptr(p, off, l);