avformat/utils: Fix potential integer overflow in extract_extradata()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 years ago · 0a41a8bf29
parent b4a1ccfc41
commit 0a41a8bf29
1 changed files with 3 additions and 1 deletions
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@ -3544,7 +3544,9 @@ static int extract_extradata(AVStream *st, AVPacket *pkt)
                                            &extradata_size);
        if (extradata) {
-            sti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
+            av_assert0(!sti->avctx->extradata);
            if ((unsigned)extradata_size < FF_MAX_EXTRADATA_SIZE)
                sti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
            if (!sti->avctx->extradata) {
                av_packet_unref(pkt_ref);
                return AVERROR(ENOMEM);