From 1f6f58d5855288492fc2640a9f1035c01c75d356 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 29 Jul 2011 15:27:36 -0700 Subject: [PATCH] mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata. This prevents out of bounds reads when extradata is being decoded. --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index e2688b1bff..8906bdd78f 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -600,7 +600,7 @@ static int mxf_read_generic_descriptor(void *arg, AVIOContext *pb, int tag, int default: /* Private uid used by SONY C0023S01.mxf */ if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) { - descriptor->extradata = av_malloc(size); + descriptor->extradata = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE); if (!descriptor->extradata) return -1; descriptor->extradata_size = size;