highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lzf: update pointer p after realloc

Browse Source 
This fixes heap-use-after-free detected by AddressSanitizer.

Reviewed-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit bb6a7b6f75)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun
2016-11-04 22:58:49 +01:00
parent 31cebfe789
commit c72ac9ffd0
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/lzf.c
View File

@@ -53,6 +53,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
ret = av_reallocp(buf, *size); ret = av_reallocp(buf, *size);
if (ret < 0) if (ret < 0)
return ret; return ret;
p = *buf + len;
} }
bytestream2_get_buffer(gb, p, s); bytestream2_get_buffer(gb, p, s);
@@ -75,6 +76,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
ret = av_reallocp(buf, *size); ret = av_reallocp(buf, *size);
if (ret < 0) if (ret < 0)
return ret; return ret;
p = *buf + len;
} }
av_memcpy_backptr(p, off, l); av_memcpy_backptr(p, off, l);