shorten: fix "off by padding" bug

Fixes array overread Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ad22767cb61cdc75541b21154d65fd1ad6351025) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-05-22 17:39:22 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2014-01-16 00:42:23 +0100
commit: dee327b0e70d7051ed0d349974e88bd1ec8a246c (patch)
tree: 1a902154d5c5eb64b6b36f5bc6b1e4857c9d7151
parent: e438fd3be905cefdf75d9cc5a632ded4dc043be5 (diff)
download: ffmpeg-dee327b0e70d7051ed0d349974e88bd1ec8a246c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 5765fa41b0..af17d9daf5 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -437,7 +437,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data,
         buf_size       = FFMIN(buf_size, s->max_framesize - s->bitstream_size);
         input_buf_size = buf_size;
 
-        if (s->bitstream_index + s->bitstream_size + buf_size >
+        if (s->bitstream_index + s->bitstream_size + buf_size + FF_INPUT_BUFFER_PADDING_SIZE >
             s->allocated_bitstream_size) {
             memmove(s->bitstream, &s->bitstream[s->bitstream_index],
                     s->bitstream_size);
author	Michael Niedermayer <michaelni@gmx.at>	2013-05-22 17:39:22 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2014-01-16 00:42:23 +0100
commit	dee327b0e70d7051ed0d349974e88bd1ec8a246c (patch)
tree	1a902154d5c5eb64b6b36f5bc6b1e4857c9d7151
parent	e438fd3be905cefdf75d9cc5a632ded4dc043be5 (diff)
download	ffmpeg-dee327b0e70d7051ed0d349974e88bd1ec8a246c.tar.gz