flvdec: allocate large enough buffer so get_bits() doesnt overread
authorMichael Niedermayer <michaelni@gmx.at>
Mon, 16 Apr 2012 10:01:55 +0000 (12:01 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Mon, 16 Apr 2012 10:01:55 +0000 (12:01 +0200)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavformat/flvdec.c

index c444641..3d23b67 100644 (file)
@@ -112,7 +112,7 @@ static int flv_set_video_codec(AVFormatContext *s, AVStream *vstream, int flv_co
                 vcodec->codec_id = CODEC_ID_VP6A;
             if(vcodec->extradata_size != 1) {
                 vcodec->extradata_size = 1;
-                vcodec->extradata = av_malloc(1);
+                vcodec->extradata = av_malloc(1 + FF_INPUT_BUFFER_PADDING_SIZE);
             }
             vcodec->extradata[0] = avio_r8(s->pb);
             return 1; // 1 byte body size adjustment for flv_read_packet()
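Review bot: The result of `av_malloc()` is still used unchecked, so on allocation failure the context line `vcodec->extradata[0] = avio_r8(s->pb);` writes through NULL while `extradata_size` already claims 1 byte. The new padding is also left uninitialized, since `av_malloc()` does not zero memory, so a bit reader that runs past the single byte stays in bounds but consumes indeterminate heap contents. Using `vcodec->extradata = av_mallocz(1 + FF_INPUT_BUFFER_PADDING_SIZE);` followed by `if (!vcodec->extradata) return AVERROR(ENOMEM);` would cover both, provided the caller treats a negative return as an error, which is not visible here. Two things are worth confirming outside this hunk: the branch overwrites any earlier `extradata` pointer without freeing it, and a buffer that arrives with `extradata_size == 1` skips this allocation and may have no padding. The body of flv_set_video_codec starts and ends outside the hunk.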