avcodec/parser: Reset *buf_size on realloc failure

Fixes: out of array access Fixes: crash-0d640731c7da52415670eb47a2af701cbe2e1a3b Fixes: crash-e745864ead6ea418959c8df56de2765571201dae Found-by: Catena cyber <contact@catenacyber.fr> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
10 months ago · 605fc72f19
parent 384cc270d2
commit 605fc72f19
1 changed files with 1 additions and 0 deletions
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@ -252,6 +252,7 @@ int ff_combine_frame(ParseContext *pc, int next,
                                           AV_INPUT_BUFFER_PADDING_SIZE);
        if (!new_buffer) {
            av_log(NULL, AV_LOG_ERROR, "Failed to reallocate parser buffer to %d\n", next + pc->index + AV_INPUT_BUFFER_PADDING_SIZE);
+            *buf_size =
            pc->overread_index =
            pc->index = 0;
            return AVERROR(ENOMEM);