ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Sat Jul 11 22:47:09 2015 +0200| [b3415e4c5f9205820fd6c9211ad50a4df2692a36] | committer: Michael Niedermayer
avutil/mem: Fix potential overflow in overallocation code Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b3415e4c5f9205820fd6c9211ad50a4df2692a36 --- libavutil/mem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavutil/mem.c b/libavutil/mem.c index da291fb..d828ccc 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -480,7 +480,7 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size) if (min_size < *size) return ptr; - min_size = FFMAX(17 * min_size / 16 + 32, min_size); + min_size = FFMAX(min_size + min_size / 16 + 32, min_size); ptr = av_realloc(ptr, min_size); /* we could set this to the unmodified min_size but this is safer @@ -500,7 +500,7 @@ static inline int ff_fast_malloc(void *ptr, unsigned int *size, size_t min_size, if (min_size < *size) return 0; - min_size = FFMAX(17 * min_size / 16 + 32, min_size); + min_size = FFMAX(min_size + min_size / 16 + 32, min_size); av_freep(ptr); val = zero_realloc ? av_mallocz(min_size) : av_malloc(min_size); memcpy(ptr, &val, sizeof(val)); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
