X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fh2645_parse.c;h=ef6a6b4b4f446ec165fe64698a5feaf855f81fb1;hb=460f74495fa93c4bb85503c5443580e2bb857efa;hp=942f2c5d7124a6a039c760cde3f47e5ff93cc566;hpb=409e684e79b6ee0c511292326f09b13fe230e58e;p=ffmpeg

diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index 942f2c5d712..ef6a6b4b4f4 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -345,13 +345,18 @@ static int find_next_start_code(const uint8_t *buf, const uint8_t *next_avc)
 
 static void alloc_rbsp_buffer(H2645RBSP *rbsp, unsigned int size, int use_ref)
 {
+    int min_size = size;
+
     if (size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
         goto fail;
     size += AV_INPUT_BUFFER_PADDING_SIZE;
 
     if (rbsp->rbsp_buffer_alloc_size >= size &&
-        (!rbsp->rbsp_buffer_ref || av_buffer_is_writable(rbsp->rbsp_buffer_ref)))
+        (!rbsp->rbsp_buffer_ref || av_buffer_is_writable(rbsp->rbsp_buffer_ref))) {
+        av_assert0(rbsp->rbsp_buffer);
+        memset(rbsp->rbsp_buffer + min_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
         return;
+    }
 
     size = FFMIN(size + size / 16 + 32, INT_MAX);
 
@@ -360,7 +365,7 @@ static void alloc_rbsp_buffer(H2645RBSP *rbsp, unsigned int size, int use_ref)
     else
         av_free(rbsp->rbsp_buffer);
 
-    rbsp->rbsp_buffer = av_malloc(size);
+    rbsp->rbsp_buffer = av_mallocz(size);
     if (!rbsp->rbsp_buffer)
         goto fail;
     rbsp->rbsp_buffer_alloc_size = size;
@@ -456,8 +461,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length,
                 return AVERROR(ENOMEM);
 
             pkt->nals = tmp;
-            memset(pkt->nals + pkt->nals_allocated, 0,
-                   (new_size - pkt->nals_allocated) * sizeof(*pkt->nals));
+            memset(pkt->nals + pkt->nals_allocated, 0, sizeof(*pkt->nals));
 
             nal = &pkt->nals[pkt->nb_nals];
             nal->skipped_bytes_pos_size = 1024; // initial buffer size
@@ -499,7 +503,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length,
             ret = h264_parse_nal_header(nal, logctx);
         if (ret <= 0 || nal->size <= 0 || nal->size_bits <= 0) {
             if (ret < 0) {
-                av_log(logctx, AV_LOG_ERROR, "Invalid NAL unit %d, skipping.\n",
+                av_log(logctx, AV_LOG_WARNING, "Invalid NAL unit %d, skipping.\n",
                        nal->type);
             }
             pkt->nb_nals--;