diff options
| author | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2016-11-04 22:58:49 +0100 |
|---|---|---|
| committer | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2016-11-05 18:56:26 +0100 |
| commit | bb6a7b6f75ac544c956e3eefee297700ef4d3468 (patch) | |
| tree | fec058f48360cf314adac164ad0ef0952e3d119b | |
| parent | c0f6eff6a7edaa38a9ea4865ffc2ad36539d9d48 (diff) | |
| download | ffmpeg-bb6a7b6f75ac544c956e3eefee297700ef4d3468.tar.gz | |
lzf: update pointer p after realloc
This fixes heap-use-after-free detected by AddressSanitizer.
Reviewed-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
| -rw-r--r-- | libavcodec/lzf.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/lzf.c b/libavcodec/lzf.c index 409a7ffdd3..5b7526ef18 100644 --- a/libavcodec/lzf.c +++ b/libavcodec/lzf.c @@ -53,6 +53,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size) ret = av_reallocp(buf, *size); if (ret < 0) return ret; + p = *buf + len; } bytestream2_get_buffer(gb, p, s); @@ -75,6 +76,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size) ret = av_reallocp(buf, *size); if (ret < 0) return ret; + p = *buf + len; } av_memcpy_backptr(p, off, l); |