Fixes: heap array overread
Fixes: asan_heap-oob_14876d9_4706_cov_815472558_cover_art.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -107,7 +107,7 @@ int ff_flac_parse_picture(AVFormatContext *s, uint8_t *buf, int buf_size) |
107 | 107 |
ret = AVERROR_INVALIDDATA; |
108 | 108 |
goto fail; |
109 | 109 |
} |
110 |
- if (!(data = av_buffer_alloc(len))) { |
|
110 |
+ if (!(data = av_buffer_alloc(len + FF_INPUT_BUFFER_PADDING_SIZE))) { |
|
111 | 111 |
RETURN_ERROR(AVERROR(ENOMEM)); |
112 | 112 |
} |
113 | 113 |
if (avio_read(pb, data->data, len) != len) { |
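Review bot: The extra `FF_INPUT_BUFFER_PADDING_SIZE` bytes allocated at new line 110 are not initialised anywhere in this hunk, because `av_buffer_alloc()` does not zero memory and the `avio_read()` at line 113 fills only `len` bytes. A decoder that reads past the picture data would then stay in bounds but consume stale heap contents, so the overread becomes an uninitialised read. I would add `memset(data->data + len, 0, FF_INPUT_BUFFER_PADDING_SIZE);` right after the allocation, or switch to `av_buffer_allocz()`. The check that ends at line 109 is only partly visible, so please confirm it bounds `len` tightly enough that `len + FF_INPUT_BUFFER_PADDING_SIZE` cannot wrap. The function continues past the hunk; if the code there takes the attached picture's size from `data->size` rather than `len`, the padding would be counted as payload.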