Fix possible heap overflow caused by av_fast_realloc()

Originally committed as revision 12579 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index d6522fe..a264297 100644 (file)
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -66,7 +66,11 @@ void *av_fast_realloc(void *ptr, unsigned int *size, unsigned int min_size)
 
     *size= FFMAX(17*min_size/16 + 32, min_size);
 
-    return av_realloc(ptr, *size);
+    ptr= av_realloc(ptr, *size);
+    if(!ptr) //we could set this to the unmodified min_size but this is safer if the user lost the ptr and uses NULL now
+        *size= 0;
+
+    return ptr;
 }
 
 static unsigned int last_static = 0;