diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-10-03 16:06:23 +0200 |
---|---|---|
committer | Reinhard Tartler <siretart@tauware.de> | 2013-05-09 11:29:05 +0200 |
commit | 9c713f30e4913a28d93eb37ea5db7f62be4c0ef6 (patch) | |
tree | 725e02db91f3131e4edd7563e3081792b001a5cf | |
parent | 799000af702ae91c069b330b76355c5c76f70b9b (diff) | |
download | ffmpeg-9c713f30e4913a28d93eb37ea5db7f62be4c0ef6.tar.gz |
parser: fix large overreads
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 096abfa15052977eed93f0b5e01afd2d47c53c1f)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
-rw-r--r-- | libavcodec/parser.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/parser.c b/libavcodec/parser.c index 03f548ef6a..aeabf690f0 100644 --- a/libavcodec/parser.c +++ b/libavcodec/parser.c @@ -261,7 +261,9 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s if(!new_buffer) return AVERROR(ENOMEM); pc->buffer = new_buffer; - memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE ); + if (next > -FF_INPUT_BUFFER_PADDING_SIZE) + memcpy(&pc->buffer[pc->index], *buf, + next + FF_INPUT_BUFFER_PADDING_SIZE); pc->index = 0; *buf= pc->buffer; } |