shorten: pad the internal bitstream buffer

Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 1713eec29add37b654ec6bf262b843d139c1ffc6)
author: Anton Khirnov <anton@khirnov.net> 2013-11-28 10:54:35 +0100
committer: Reinhard Tartler <siretart@tauware.de> 2014-02-28 23:05:53 -0500
commit: f1a7bfea41e56067c3bf4864159c87cdda613c19 (patch)
tree: d69767fba322e5f076cb4df61ca41d6d3c657883 /libavcodec
parent: 3e3805b7fae6bda01e40462079028f8e6bfedea9 (diff)
download: ffmpeg-f1a7bfea41e56067c3bf4864159c87cdda613c19.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 22976e0137..31bd943fb3 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -441,7 +441,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data,
         void *tmp_ptr;
         s->max_framesize = 1024; // should hopefully be enough for the first header
         tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size,
-                                  s->max_framesize);
+                                  s->max_framesize + FF_INPUT_BUFFER_PADDING_SIZE);
         if (!tmp_ptr) {
             av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n");
             return AVERROR(ENOMEM);
author	Anton Khirnov <anton@khirnov.net>	2013-11-28 10:54:35 +0100
committer	Reinhard Tartler <siretart@tauware.de>	2014-02-28 23:05:53 -0500
commit	f1a7bfea41e56067c3bf4864159c87cdda613c19 (patch)
tree	d69767fba322e5f076cb4df61ca41d6d3c657883 /libavcodec
parent	3e3805b7fae6bda01e40462079028f8e6bfedea9 (diff)
download	ffmpeg-f1a7bfea41e56067c3bf4864159c87cdda613c19.tar.gz