diff options
| author | Andreas Cadhalpun <[email protected]> | 2016-11-04 22:58:49 +0100 |
|---|---|---|
| committer | Andreas Cadhalpun <[email protected]> | 2016-11-05 18:56:26 +0100 |
| commit | bb6a7b6f75ac544c956e3eefee297700ef4d3468 (patch) | |
| tree | fec058f48360cf314adac164ad0ef0952e3d119b | |
| parent | c0f6eff6a7edaa38a9ea4865ffc2ad36539d9d48 (diff) | |
lzf: update pointer p after realloc
This fixes heap-use-after-free detected by AddressSanitizer.
Reviewed-by: Luca Barbato <[email protected]>
Signed-off-by: Andreas Cadhalpun <[email protected]>
| -rw-r--r-- | libavcodec/lzf.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/lzf.c b/libavcodec/lzf.c index 409a7ffdd3..5b7526ef18 100644 --- a/libavcodec/lzf.c +++ b/libavcodec/lzf.c @@ -53,6 +53,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size) ret = av_reallocp(buf, *size); if (ret < 0) return ret; + p = *buf + len; } bytestream2_get_buffer(gb, p, s); @@ -75,6 +76,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size) ret = av_reallocp(buf, *size); if (ret < 0) return ret; + p = *buf + len; } av_memcpy_backptr(p, off, l); |