diff options
| author | Reimar Döffinger <Reimar.Doeffinger@gmx.de> | 2024-03-12 23:06:49 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2024-03-13 00:52:30 +0100 |
| commit | 605fc72f19ed975df6b36ea13d9f63b1fe9c852a (patch) | |
| tree | f420f7ddcc43045553aa8233720f26498b41c027 | |
| parent | 384cc270d25ef1cc53f9cc0e047033b47cdaddd1 (diff) | |
| download | ffmpeg-605fc72f19ed975df6b36ea13d9f63b1fe9c852a.tar.gz | |
avcodec/parser: Reset *buf_size on realloc failure
Fixes: out of array access
Fixes: crash-0d640731c7da52415670eb47a2af701cbe2e1a3b
Fixes: crash-e745864ead6ea418959c8df56de2765571201dae
Found-by: Catena cyber <contact@catenacyber.fr>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/parser.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libavcodec/parser.c b/libavcodec/parser.c index efc28b8918..af17ee9c15 100644 --- a/libavcodec/parser.c +++ b/libavcodec/parser.c @@ -252,6 +252,7 @@ int ff_combine_frame(ParseContext *pc, int next, AV_INPUT_BUFFER_PADDING_SIZE); if (!new_buffer) { av_log(NULL, AV_LOG_ERROR, "Failed to reallocate parser buffer to %d\n", next + pc->index + AV_INPUT_BUFFER_PADDING_SIZE); + *buf_size = pc->overread_index = pc->index = 0; return AVERROR(ENOMEM); |