lzf: update pointer p after realloc

This fixes heap-use-after-free detected by AddressSanitizer. Reviewed-by: Luca Barbato <lu_zero@gentoo.org> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit bb6a7b6f75ac544c956e3eefee297700ef4d3468) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> 2016-11-04 22:58:49 +0100
committer: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> 2016-11-27 00:38:55 +0100
commit: ef2d91e9c337f50edbc7631485bfec385601f4bb (patch)
tree: 261e1be5a38b24342f711c083cf4de20ec0652c0 /libavcodec
parent: dcc8d2418acac6539e2533fc046f3d00f1c0c333 (diff)
download: ffmpeg-ef2d91e9c337f50edbc7631485bfec385601f4bb.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/lzf.c b/libavcodec/lzf.c
index 409a7ffdd3..5b7526ef18 100644
--- a/libavcodec/lzf.c
+++ b/libavcodec/lzf.c
@@ -53,6 +53,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
                 ret = av_reallocp(buf, *size);
                 if (ret < 0)
                     return ret;
+                p = *buf + len;
             }
 
             bytestream2_get_buffer(gb, p, s);
@@ -75,6 +76,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
                 ret = av_reallocp(buf, *size);
                 if (ret < 0)
                     return ret;
+                p = *buf + len;
             }
 
             av_memcpy_backptr(p, off, l);
author	Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-04 22:58:49 +0100
committer	Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:38:55 +0100
commit	ef2d91e9c337f50edbc7631485bfec385601f4bb (patch)
tree	261e1be5a38b24342f711c083cf4de20ec0652c0 /libavcodec
parent	dcc8d2418acac6539e2533fc046f3d00f1c0c333 (diff)
download	ffmpeg-ef2d91e9c337f50edbc7631485bfec385601f4bb.tar.gz