parser: fix large overreads
authorMichael Niedermayer <michaelni@gmx.at>
Wed, 3 Oct 2012 14:06:23 +0000 (16:06 +0200)
committerReinhard Tartler <siretart@tauware.de>
Thu, 9 May 2013 09:29:05 +0000 (11:29 +0200)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 096abfa15052977eed93f0b5e01afd2d47c53c1f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
libavcodec/parser.c

index 03f548e..aeabf69 100644 (file)
@@ -261,7 +261,9 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s
         if(!new_buffer)
             return AVERROR(ENOMEM);
         pc->buffer = new_buffer;
-        memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE );
+        if (next > -FF_INPUT_BUFFER_PADDING_SIZE)
+            memcpy(&pc->buffer[pc->index], *buf,
+                   next + FF_INPUT_BUFFER_PADDING_SIZE);
         pc->index = 0;
         *buf= pc->buffer;
     }