From 605fc72f19ed975df6b36ea13d9f63b1fe9c852a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?=
Date: Tue, 12 Mar 2024 23:06:49 +0100
Subject: [PATCH] avcodec/parser: Reset *buf_size on realloc failure

Fixes: out of array access
Fixes: crash-0d640731c7da52415670eb47a2af701cbe2e1a3b
Fixes: crash-e745864ead6ea418959c8df56de2765571201dae
Found-by: Catena cyber
Signed-off-by: Michael Niedermayer
---
 libavcodec/parser.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/parser.c b/libavcodec/parser.c
index efc28b8918..af17ee9c15 100644
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@@ -252,6 +252,7 @@ int ff_combine_frame(ParseContext *pc, int next,
 AV_INPUT_BUFFER_PADDING_SIZE);
 if (!new_buffer) {
 av_log(NULL, AV_LOG_ERROR, "Failed to reallocate parser buffer to %d\n", next + pc->index + AV_INPUT_BUFFER_PADDING_SIZE);
+ *buf_size = pc->overread_index = pc->index = 0;
 return AVERROR(ENOMEM);