aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKostya Shishkov <kostya.shishkov@gmail.com>2013-03-12 07:17:03 +0100
committerKostya Shishkov <kostya.shishkov@gmail.com>2013-03-15 09:50:42 +0100
commit9652d4fcfc9c07a726b35efc4ac644d9751b36d7 (patch)
tree3db39e13523acf2c79a63cc945e8b6774efdbf26
parentb164d66e35d349de414e2f0d7365a147aba8a620 (diff)
downloadffmpeg-9652d4fcfc9c07a726b35efc4ac644d9751b36d7.tar.gz
ape: provide two additional bytes in buffer for old MAC versions
Range coder in 3.90-3.95 overread two bytes in the final normalize.
-rw-r--r--libavcodec/apedec.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 0bef457eb8..d4a3dcf3eb 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -917,11 +917,13 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data,
av_log(avctx, AV_LOG_WARNING, "packet size is not a multiple of 4. "
"extra bytes at the end will be skipped.\n");
}
-
+ if (s->fileversion < 3950) // previous versions overread two bytes
+ buf_size += 2;
av_fast_malloc(&s->data, &s->data_size, buf_size);
if (!s->data)
return AVERROR(ENOMEM);
s->dsp.bswap_buf((uint32_t*)s->data, (const uint32_t*)buf, buf_size >> 2);
+ memset(s->data + (buf_size & ~3), 0, buf_size & 3);
s->ptr = s->data;
s->data_end = s->data + buf_size;