Fixes Ticket2982
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -242,8 +242,10 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s |
242 | 242 |
if(next == END_NOT_FOUND){ |
243 | 243 |
void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, (*buf_size) + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); |
244 | 244 |
|
245 |
- if(!new_buffer) |
|
245 |
+ if(!new_buffer) { |
|
246 |
+ pc->index = 0; |
|
246 | 247 |
return AVERROR(ENOMEM); |
248 |
+ } |
|
247 | 249 |
pc->buffer = new_buffer; |
248 | 250 |
memcpy(&pc->buffer[pc->index], *buf, *buf_size); |
249 | 251 |
pc->index += *buf_size; |
... | ... |
@@ -256,9 +258,11 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s |
256 | 256 |
/* append to buffer */ |
257 | 257 |
if(pc->index){ |
258 | 258 |
void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, next + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); |
259 |
- |
|
260 |
- if(!new_buffer) |
|
259 |
+ if(!new_buffer) { |
|
260 |
+ pc->overread_index = |
|
261 |
+ pc->index = 0; |
|
261 | 262 |
return AVERROR(ENOMEM); |
263 |
+ } |
|
262 | 264 |
pc->buffer = new_buffer; |
263 | 265 |
if (next > -FF_INPUT_BUFFER_PADDING_SIZE) |
264 | 266 |
memcpy(&pc->buffer[pc->index], *buf, |