avidec: use actually read size instead of requested size

Fixes CVE-2012-2788 (cherry picked from commit 0af49a63c7f87876486ab09482d5b26b95abce60) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
author: Anton Khirnov <anton@khirnov.net> 2012-09-28 15:42:29 +0200
committer: Reinhard Tartler <siretart@tauware.de> 2012-10-14 16:03:24 -0400
commit: 0582b8e3eabb4b7d6f637fcd294d6ae43d24b61a (patch)
tree: 80118cb50cbf456d4a6093a277056430e1aa825b
parent: 6744eee1e5bf68feb9930f1e3617311587b9d7a7 (diff)
download: ffmpeg-0582b8e3eabb4b7d6f637fcd294d6ae43d24b61a.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index b4ccfb50f8..13a39c0e11 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -1116,7 +1116,7 @@ resync:
             }
             ast->frame_offset += get_duration(ast, pkt->size);
         }
-        ast->remaining -= size;
+        ast->remaining -= err;
         if(!ast->remaining){
             avi->stream_index= -1;
             ast->packet_size= 0;
author	Anton Khirnov <anton@khirnov.net>	2012-09-28 15:42:29 +0200
committer	Reinhard Tartler <siretart@tauware.de>	2012-10-14 16:03:24 -0400
commit	0582b8e3eabb4b7d6f637fcd294d6ae43d24b61a (patch)
tree	80118cb50cbf456d4a6093a277056430e1aa825b
parent	6744eee1e5bf68feb9930f1e3617311587b9d7a7 (diff)
download	ffmpeg-0582b8e3eabb4b7d6f637fcd294d6ae43d24b61a.tar.gz