Quoting Luca Barbato (2015-10-16 15:09:10) > On 16/10/15 14:40, Vittorio Giovara wrote: > > Previously the message was cut off at 256th byte. > > > > Signed-off-by: Vittorio Giovara <[email protected]> > > --- > > libavcodec/h264_sei.c | 14 ++++++++------ > > 1 file changed, 8 insertions(+), 6 deletions(-) > > > > diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c > > index ddf1b6f..9f694fa 100644 > > --- a/libavcodec/h264_sei.c > > +++ b/libavcodec/h264_sei.c > > @@ -215,13 +215,17 @@ static int decode_registered_user_data(H264Context > > *h, int size) > > > > static int decode_unregistered_user_data(H264Context *h, int size) > > { > > - uint8_t user_data[16 + 256]; > > + uint8_t *user_data; > > int e, build, i; > > > > - if (size < 16) > > + if (size < 16 || size >= INT_MAX - 16) > > return AVERROR_INVALIDDATA; > > > > - for (i = 0; i < sizeof(user_data) - 1 && i < size; i++) > > + user_data = av_malloc(16 + size + 1); > > mallocz maybe?
What for? Zeroing the whole buffer just because we want it null-terminated is rather wasteful. -- Anton Khirnov _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
