avcodec/a64multienc: don't set incorrect packet size
authorMichael Niedermayer <michaelni@gmx.at>
Mon, 23 Feb 2015 00:21:30 +0000 (01:21 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Sat, 14 Mar 2015 13:27:23 +0000 (14:27 +0100)
This fixes invalid reads of the packet buffer in av_dup_packet

Based on patch by Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d96142e9af92ded84f2580620c571ab96c4bb657)

Conflicts:

libavcodec/a64multienc.c

libavcodec/a64multienc.c

index 89cd2f5..0cdec2e 100644 (file)
@@ -336,8 +336,8 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
         req_size = 0;
         /* any frames to encode? */
         if (c->mc_lifetime) {
-            req_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
-            if ((ret = ff_alloc_packet2(avctx, pkt, req_size)) < 0)
+            int alloc_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
+            if ((ret = ff_alloc_packet2(avctx, pkt, alloc_size)) < 0)
                 return ret;
             buf = pkt->data;
 
@@ -354,6 +354,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
             /* advance pointers */
             buf      += charset_size;
             charset  += charset_size;
+            req_size += charset_size;
         }
 
         /* write x frames to buf */