From bb6a7b6f75ac544c956e3eefee297700ef4d3468 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Fri, 4 Nov 2016 22:58:49 +0100
Subject: [PATCH] lzf: update pointer p after realloc

This fixes heap-use-after-free detected by AddressSanitizer.

Reviewed-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/lzf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/lzf.c b/libavcodec/lzf.c
index 409a7ffdd3..5b7526ef18 100644
--- a/libavcodec/lzf.c
+++ b/libavcodec/lzf.c
@@ -53,6 +53,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
                 ret = av_reallocp(buf, *size);
                 if (ret < 0)
                     return ret;
+                p = *buf + len;
             }
 
             bytestream2_get_buffer(gb, p, s);
@@ -75,6 +76,7 @@ int ff_lzf_uncompress(GetByteContext *gb, uint8_t **buf, int64_t *size)
                 ret = av_reallocp(buf, *size);
                 if (ret < 0)
                     return ret;
+                p = *buf + len;
             }
 
             av_memcpy_backptr(p, off, l);