From 436f00b10c062b75c7aab276c4a7d64524bd0444 Mon Sep 17 00:00:00 2001
From: Marton Balint <cus@passwd.hu>
Date: Tue, 21 Feb 2017 23:50:56 +0100
Subject: [PATCH] avcodec/wrapped_avframe: allocate a buffer with padding

This ensures that the wrapped avframe will not get reallocated later, which
would invalidate internal references such as extended data.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
---
 libavcodec/wrapped_avframe.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/libavcodec/wrapped_avframe.c b/libavcodec/wrapped_avframe.c
index 13c8d8a2398..14360320ffa 100644
--- a/libavcodec/wrapped_avframe.c
+++ b/libavcodec/wrapped_avframe.c
@@ -43,19 +43,31 @@ static int wrapped_avframe_encode(AVCodecContext *avctx, AVPacket *pkt,
                      const AVFrame *frame, int *got_packet)
 {
     AVFrame *wrapped = av_frame_clone(frame);
+    uint8_t *data;
+    int size = sizeof(*wrapped) + AV_INPUT_BUFFER_PADDING_SIZE;
 
     if (!wrapped)
         return AVERROR(ENOMEM);
 
-    pkt->buf = av_buffer_create((uint8_t *)wrapped, sizeof(*wrapped),
+    data = av_mallocz(size);
+    if (!data) {
+        av_frame_free(&wrapped);
+        return AVERROR(ENOMEM);
+    }
+
+    pkt->buf = av_buffer_create(data, size,
                                 wrapped_avframe_release_buffer, NULL,
                                 AV_BUFFER_FLAG_READONLY);
     if (!pkt->buf) {
         av_frame_free(&wrapped);
+        av_freep(&data);
         return AVERROR(ENOMEM);
     }
 
-    pkt->data = (uint8_t *)wrapped;
+    av_frame_move_ref((AVFrame*)data, wrapped);
+    av_frame_free(&wrapped);
+
+    pkt->data = data;
     pkt->size = sizeof(*wrapped);
 
     pkt->flags |= AV_PKT_FLAG_KEY;
-- 
GitLab