From 978805b2c518aae480d26e4b44beede300c9a862 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Tue, 25 Mar 2008 10:15:17 +0000
Subject: [PATCH] Fix possible heap overflow caused by av_fast_realloc()

Originally committed as revision 12579 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/utils.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index d6522fe7022..a264297207c 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -66,7 +66,11 @@ void *av_fast_realloc(void *ptr, unsigned int *size, unsigned int min_size)
 
     *size= FFMAX(17*min_size/16 + 32, min_size);
 
-    return av_realloc(ptr, *size);
+    ptr= av_realloc(ptr, *size);
+    if(!ptr) //we could set this to the unmodified min_size but this is safer if the user lost the ptr and uses NULL now
+        *size= 0;
+
+    return ptr;
 }
 
 static unsigned int last_static = 0;
-- 
GitLab