diff options
author | Kostya Shishkov <kostya.shishkov@gmail.com> | 2013-03-12 07:17:03 +0100 |
---|---|---|
committer | Kostya Shishkov <kostya.shishkov@gmail.com> | 2013-03-15 09:50:42 +0100 |
commit | 9652d4fcfc9c07a726b35efc4ac644d9751b36d7 (patch) | |
tree | 3db39e13523acf2c79a63cc945e8b6774efdbf26 | |
parent | b164d66e35d349de414e2f0d7365a147aba8a620 (diff) | |
download | ffmpeg-9652d4fcfc9c07a726b35efc4ac644d9751b36d7.tar.gz |
ape: provide two additional bytes in buffer for old MAC versions
Range coder in 3.90-3.95 overread two bytes in the final normalize.
-rw-r--r-- | libavcodec/apedec.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 0bef457eb8..d4a3dcf3eb 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -917,11 +917,13 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, av_log(avctx, AV_LOG_WARNING, "packet size is not a multiple of 4. " "extra bytes at the end will be skipped.\n"); } - + if (s->fileversion < 3950) // previous versions overread two bytes + buf_size += 2; av_fast_malloc(&s->data, &s->data_size, buf_size); if (!s->data) return AVERROR(ENOMEM); s->dsp.bswap_buf((uint32_t*)s->data, (const uint32_t*)buf, buf_size >> 2); + memset(s->data + (buf_size & ~3), 0, buf_size & 3); s->ptr = s->data; s->data_end = s->data + buf_size; |