Previously the message was cut off at 256th byte.
Signed-off-by: Vittorio Giovara <[email protected]>
---
libavcodec/h264_sei.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
index ddf1b6f..b7b66e6 100644
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -215,16 +215,19 @@ static int decode_registered_user_data(H264Context *h,
int size)
static int decode_unregistered_user_data(H264Context *h, int size)
{
- uint8_t user_data[16 + 256];
+ uint8_t *user_data;
int e, build, i;
- if (size < 16)
+ if (size < 16 || size >= INT_MAX - 16)
return AVERROR_INVALIDDATA;
- for (i = 0; i < sizeof(user_data) - 1 && i < size; i++)
+ user_data = av_mallocz(16 + size + 1);
+ if (!user_data)
+ return AVERROR(ENOMEM);
+
+ for (i = 0; i < size + 16; i++)
user_data[i] = get_bits(&h->gb, 8);
- user_data[i] = 0;
e = sscanf(user_data + 16, "x264 - core %d", &build);
if (e == 1 && build > 0)
h->x264_build = build;
@@ -232,9 +235,7 @@ static int decode_unregistered_user_data(H264Context *h,
int size)
if (h->avctx->debug & FF_DEBUG_BUGS)
av_log(h->avctx, AV_LOG_DEBUG, "user data:\"%s\"\n", user_data + 16);
- for (; i < size; i++)
- skip_bits(&h->gb, 8);
-
+ av_free(user_data);
return 0;
}
--
1.9.5 (Apple Git-50.3)
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
