Browse code
avcodec/parser: reset indexes on realloc failure
Fixes Ticket2982
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2013/09/27 04:03:48Showing 1 changed files
| ... | ... |
@@ -242,8 +242,10 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s |
| 242 | 242 |
if(next == END_NOT_FOUND){
|
| 243 | 243 |
void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, (*buf_size) + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); |
| 244 | 244 |
|
| 245 |
- if(!new_buffer) |
|
| 245 |
+ if(!new_buffer) {
|
|
| 246 |
+ pc->index = 0; |
|
| 246 | 247 |
return AVERROR(ENOMEM); |
| 248 |
+ } |
|
| 247 | 249 |
pc->buffer = new_buffer; |
| 248 | 250 |
memcpy(&pc->buffer[pc->index], *buf, *buf_size); |
| 249 | 251 |
pc->index += *buf_size; |
| ... | ... |
@@ -256,9 +258,11 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s |
| 256 | 256 |
/* append to buffer */ |
| 257 | 257 |
if(pc->index){
|
| 258 | 258 |
void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, next + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); |
| 259 |
- |
|
| 260 |
- if(!new_buffer) |
|
| 259 |
+ if(!new_buffer) {
|
|
| 260 |
+ pc->overread_index = |
|
| 261 |
+ pc->index = 0; |
|
| 261 | 262 |
return AVERROR(ENOMEM); |
| 263 |
+ } |
|
| 262 | 264 |
pc->buffer = new_buffer; |
| 263 | 265 |
if (next > -FF_INPUT_BUFFER_PADDING_SIZE) |
| 264 | 266 |
memcpy(&pc->buffer[pc->index], *buf, |