trk->vos_data is mostly used to store the extradata from the codec. Most encoder when storing their extradata, are allocating with padding. But the current code was ignoring the padding, which could causes heap-buffer-overflow --- libavformat/movenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/movenc.c b/libavformat/movenc.c index e095af0972..11cf1a13a9 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -5378,7 +5378,7 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) !TAG_IS_AVCI(trk->tag) && (par->codec_id != AV_CODEC_ID_DNXHD)) { trk->vos_len = par->extradata_size; - trk->vos_data = av_malloc(trk->vos_len); + trk->vos_data = av_mallocz(trk->vos_len + AV_INPUT_BUFFER_PADDING_SIZE); if (!trk->vos_data) { ret = AVERROR(ENOMEM); goto err; -- 2.23.0.444.g18eeb5a265-goog _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".