mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-29 22:00:58 +02:00
avcodec/evc_frame_merge: ensure the assembled buffer fits in an AVPacket
Signed-off-by: James Almer <jamrial@gmail.com>
This commit is contained in:
parent
4aa1a42a91
commit
b1b45ac9d4
@ -199,8 +199,16 @@ static int evc_frame_merge_filter(AVBSFContext *bsf, AVPacket *out)
|
|||||||
au_end_found = err;
|
au_end_found = err;
|
||||||
|
|
||||||
nalu_size += EVC_NALU_LENGTH_PREFIX_SIZE;
|
nalu_size += EVC_NALU_LENGTH_PREFIX_SIZE;
|
||||||
|
|
||||||
|
data_size = ctx->au_buffer.data_size + nalu_size;
|
||||||
|
if (data_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
|
||||||
|
av_log(bsf, AV_LOG_ERROR, "Assembled packet is too big\n");
|
||||||
|
err = AVERROR(ERANGE);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
buffer = av_fast_realloc(ctx->au_buffer.data, &ctx->au_buffer.capacity,
|
buffer = av_fast_realloc(ctx->au_buffer.data, &ctx->au_buffer.capacity,
|
||||||
ctx->au_buffer.data_size + nalu_size);
|
data_size);
|
||||||
if (!buffer) {
|
if (!buffer) {
|
||||||
av_freep(&ctx->au_buffer.data);
|
av_freep(&ctx->au_buffer.data);
|
||||||
err = AVERROR_INVALIDDATA;
|
err = AVERROR_INVALIDDATA;
|
||||||
@ -210,7 +218,7 @@ static int evc_frame_merge_filter(AVBSFContext *bsf, AVPacket *out)
|
|||||||
ctx->au_buffer.data = buffer;
|
ctx->au_buffer.data = buffer;
|
||||||
memcpy(ctx->au_buffer.data + ctx->au_buffer.data_size, in->data, nalu_size);
|
memcpy(ctx->au_buffer.data + ctx->au_buffer.data_size, in->data, nalu_size);
|
||||||
|
|
||||||
ctx->au_buffer.data_size += nalu_size;
|
ctx->au_buffer.data_size = data_size;
|
||||||
|
|
||||||
in->data += nalu_size;
|
in->data += nalu_size;
|
||||||
in->size -= nalu_size;
|
in->size -= nalu_size;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user