authorMichael Niedermayer <michaelni@gmx.at>2012-10-03 16:06:23 +0200
committerReinhard Tartler <siretart@tauware.de>2013-05-09 11:29:05 +0200
commit9c713f30e4913a28d93eb37ea5db7f62be4c0ef6 (patch)
tree725e02db91f3131e4edd7563e3081792b001a5cf
parent799000af702ae91c069b330b76355c5c76f70b9b (diff)
downloadffmpeg-9c713f30e4913a28d93eb37ea5db7f62be4c0ef6.tar.gz
parser: fix large overreads
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 096abfa15052977eed93f0b5e01afd2d47c53c1f) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
-rw-r--r--libavcodec/parser.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/parser.c b/libavcodec/parser.c
index 03f548ef6a..aeabf690f0 100644
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@@ -261,7 +261,9 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s
if(!new_buffer)
return AVERROR(ENOMEM);
pc->buffer = new_buffer;
- memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE );
+ if (next > -FF_INPUT_BUFFER_PADDING_SIZE)
+ memcpy(&pc->buffer[pc->index], *buf,
+ next + FF_INPUT_BUFFER_PADDING_SIZE);
pc->index = 0;
*buf= pc->buffer;
}
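Review bot: The new guard in front of the `memcpy` bounds the copy length only from below; nothing visible in this hunk checks `next` against `*buf_size`, so the read of `next + FF_INPUT_BUFFER_PADDING_SIZE` bytes from `*buf` still depends on every caller passing a `next` no larger than the input size and on the input carrying the padding. The body of ff_combine_frame starts and ends outside the hunk, so that invariant may be enforced elsewhere; if it is not, it deserves an explicit check, or at least a comment at this spot. The reason for the guard is also worth recording next to it, for example `/* next may be negative; a negative sum would be converted to a huge size_t copy length */`. As a style point, the two-line `memcpy` under the unbraced `if` should get braces so a later edit cannot detach the call from its condition.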