You are right. Please review the updated patch.
From 62b31fa4b05fc600eada4fb28b352e5b87bd60f8 Mon Sep 17 00:00:00 2001
From: Andriy Lysnevych <[email protected]>
Date: Wed, 25 May 2016 12:55:39 +0300
Subject: [PATCH] Respect payload offset in av_grow_packet
---
libavcodec/avpacket.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index bcc7c79..68b5202 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -110,24 +110,29 @@ int av_grow_packet(AVPacket *pkt, int grow_by)
{
int new_size;
av_assert0((unsigned)pkt->size <= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE);
- if (!pkt->size)
- return av_new_packet(pkt, grow_by);
if ((unsigned)grow_by >
INT_MAX - (pkt->size + AV_INPUT_BUFFER_PADDING_SIZE))
return -1;
new_size = pkt->size + grow_by + AV_INPUT_BUFFER_PADDING_SIZE;
if (pkt->buf) {
- int ret = av_buffer_realloc(&pkt->buf, new_size);
- if (ret < 0)
- return ret;
+ int data_offset = pkt->data - pkt->buf->data;
+ if ((unsigned)data_offset > INT_MAX - new_size)
+ return -1;
+
+ if (new_size + data_offset > pkt->buf->size) {
+ int ret = av_buffer_realloc(&pkt->buf, new_size + data_offset);
+ if (ret < 0)
+ return ret;
+ pkt->data = pkt->buf->data + data_offset;
+ }
} else {
pkt->buf = av_buffer_alloc(new_size);
if (!pkt->buf)
return AVERROR(ENOMEM);
- memcpy(pkt->buf->data, pkt->data, FFMIN(pkt->size, pkt->size + grow_by));
+ memcpy(pkt->buf->data, pkt->data, pkt->size);
+ pkt->data = pkt->buf->data;
}
- pkt->data = pkt->buf->data;
pkt->size += grow_by;
memset(pkt->data + pkt->size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
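Review bot: The new fast path at `if (new_size + data_offset > pkt->buf->size)` skips av_buffer_realloc() whenever the existing buffer is already large enough, so the trailing memset (and whatever the caller then writes into the grown region) lands in pkt->buf even when that buffer is shared with other references. The old code always went through av_buffer_realloc(), which, as far as I know, falls back to a fresh allocation when the reference is not writable; the condition should keep that guarantee, e.g. `if (new_size + data_offset > pkt->buf->size || !av_buffer_is_writable(pkt->buf)) {`. Separately, with the `!pkt->size` early return removed, an empty packet now reaches `pkt->data - pkt->buf->data` and `memcpy(pkt->buf->data, pkt->data, pkt->size)`; if pkt->data can be NULL at that point both are undefined, so a NULL check ahead of them would be worth adding. The function's return path lies outside the hunk.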
--
2.7.4