trk->vos_data is mostly used to store the extradata from the codec.
Most encoder when storing their extradata, are allocating with padding.
But the current code was ignoring the padding, which could causes
heap-buffer-overflow
---
libavformat/movenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index e095af0972..11cf1a13a9 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -5378,7 +5378,7 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt)
!TAG_IS_AVCI(trk->tag) &&
(par->codec_id != AV_CODEC_ID_DNXHD)) {
trk->vos_len = par->extradata_size;
- trk->vos_data = av_malloc(trk->vos_len);
+ trk->vos_data = av_mallocz(trk->vos_len +
AV_INPUT_BUFFER_PADDING_SIZE);
if (!trk->vos_data) {
ret = AVERROR(ENOMEM);
goto err;
--
2.23.0.444.g18eeb5a265-goog
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
