From 2e328a8a38e06e4737bc1253a568558a7c514e77 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt
Date: Tue, 10 Dec 2019 22:59:46 +0100
Subject: [PATCH] avformat/apngdec: Make sure that extradata is zero-padded
Zeroing the padding has been forgotten.
Signed-off-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer
---
 libavformat/apngdec.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
index c8db9c6e1f..b5696e069c 100644
--- a/libavformat/apngdec.c
+++ b/libavformat/apngdec.c
@@ -127,13 +127,14 @@ static int append_extradata(AVCodecParameters *par, AVIOContext *pb, int len)
 int new_size, ret;
 uint8_t *new_extradata;
- if (previous_size > INT_MAX - len)
+ if (previous_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - len)
 return AVERROR_INVALIDDATA;
 new_size = previous_size + len;
 new_extradata = av_realloc(par->extradata, new_size + AV_INPUT_BUFFER_PADDING_SIZE);
 if (!new_extradata)
 return AVERROR(ENOMEM);
+ memset(new_extradata + new_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
 par->extradata = new_extradata;
 par->extradata_size = new_size;
@@ -177,10 +178,9 @@ static int apng_read_header(AVFormatContext *s)
 return ret;
 /* extradata will contain every chunk up to the first fcTL (excluded) */
- st->codecpar->extradata = av_malloc(len + 12 + AV_INPUT_BUFFER_PADDING_SIZE);
- if (!st->codecpar->extradata)
- return AVERROR(ENOMEM);
- st->codecpar->extradata_size = len + 12;
+ ret = ff_alloc_extradata(st->codecpar, len + 12);
+ if (ret < 0)
+ return ret;
 AV_WB32(st->codecpar->extradata, len);
 AV_WL32(st->codecpar->extradata+4, tag);
 AV_WB32(st->codecpar->extradata+8, st->codecpar->width);
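Review bot: In the append_extradata hunk, `len` is a signed `int` and the tightened bound `INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - len` only protects the addition when `len` is non-negative. A sufficiently negative `len` makes the subtraction itself overflow, and any negative value that passes would leave `new_size` smaller than `previous_size`, so the realloc and the new memset would operate on a shrunken buffer. No lower-bound check is visible in these lines, so unless every caller already guarantees it, the guard could read `if (len < 0 || previous_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - len)`. The function begins above the hunk and continues below it, so such a check may exist outside what is shown.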