[FFmpeg-cvslog] probe_codec: fix memory corruption
Michael Niedermayer
git at videolan.org
Thu Jul 26 01:11:33 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Jul 26 01:05:01 2012 +0200| [9054f6b66b3883d615177c738cb69c6337c4375c] | committer: Michael Niedermayer
probe_codec: fix memory corruption
Found-by: Tanami Ohad
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9054f6b66b3883d615177c738cb69c6337c4375c
---
libavformat/utils.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index caa8c4b..fa3b962 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -680,11 +680,15 @@ static void probe_codec(AVFormatContext *s, AVStream *st, const AVPacket *pkt)
--st->probe_packets;
if (pkt) {
- pd->buf = av_realloc(pd->buf, pd->buf_size+pkt->size+AVPROBE_PADDING_SIZE);
+ uint8_t *new_buf = av_realloc(pd->buf, pd->buf_size+pkt->size+AVPROBE_PADDING_SIZE);
+ if(!new_buf)
+ goto no_packet;
+ pd->buf = new_buf;
memcpy(pd->buf+pd->buf_size, pkt->data, pkt->size);
pd->buf_size += pkt->size;
memset(pd->buf+pd->buf_size, 0, AVPROBE_PADDING_SIZE);
} else {
+no_packet:
st->probe_packets = 0;
}
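Review bot: the size passed to av_realloc, pd->buf_size+pkt->size+AVPROBE_PADDING_SIZE, is still computed without a range check, so the new NULL test only covers allocation failure. If that sum can wrap for a large pkt->size, av_realloc can succeed with a buffer smaller than the memcpy of pkt->size bytes and the memset of AVPROBE_PADDING_SIZE bytes that follow, and the corruption this commit targets remains reachable. Consider checking pkt->size against the remaining headroom before the call and taking the same no_packet path when it does not fit. Two smaller points: the failure path sets st->probe_packets = 0 without logging anything, so an out-of-memory condition silently ends probing, and an av_log warning before the goto would make that diagnosable. The no_packet label also jumps into the body of the else branch, which is easy to misread, so a short comment at the label explaining that allocation failure is treated like the no-packet case would help.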