[FFmpeg-cvslog] lzf: update pointer p after realloc
Andreas Cadhalpun
git at videolan.org
Fri Mar 31 00:22:40 EEST 2017
ffmpeg | branch: master | Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> | Fri Nov 4 23:33:02 2016 +0100| [43de8b328b62cf21ec176c3989065168da471a5f] | committer: Luca Barbato
lzf: update pointer p after realloc
This fixes heap-use-after-free detected by AddressSanitizer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43de8b328b62cf21ec176c3989065168da471a5f
---
libavcodec/lzf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/lzf.c b/libavcodec/lzf.c
index 35b932b..0329fe0 100644
--- a/libavcodec/lzf.c
+++ b/libavcodec/lzf.c
@@ -53,6 +53,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
ret = av_reallocp(buf, *size);
if (ret < 0)
return ret;
+ p = *buf + len;
}
bytestream2_get_buffer(gb, p, s);
@@ -75,6 +76,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
ret = av_reallocp(buf, *size);
if (ret < 0)
return ret;
+ p = *buf + len;
}
av_memcpy_backptr(p, off, l);
More information about the ffmpeg-cvslog
mailing list