proresenc: Report buffer overflow

If the allocated size, despite best efforts, is too small, exit
with the appropriate error.

CC: libav-stable@libav.org
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

diff --git a/libavcodec/proresenc.c b/libavcodec/proresenc.c
index 6acaede..2ac9792 100644 (file)
--- a/libavcodec/proresenc.c
+++ b/libavcodec/proresenc.c
@@ -566,6 +566,11 @@ static int encode_slice(AVCodecContext *avctx, const AVFrame *pic,
                                           ctx->blocks[0], quant);
         }
         total_size += sizes[i];
+        if (put_bits_left(pb) < 0) {
+            av_log(avctx, AV_LOG_ERROR,
+                   "Underestimated required buffer size.\n");
+            return AVERROR_BUG;
+        }
     }
     return total_size;
 }
@@ -936,9 +941,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
     avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I;
     avctx->coded_frame->key_frame = 1;
 
-    pkt_size = ctx->frame_size_upper_bound + FF_MIN_BUFFER_SIZE;
+    pkt_size = ctx->frame_size_upper_bound;
 
-    if ((ret = ff_alloc_packet(pkt, pkt_size)) < 0) {
+    if ((ret = ff_alloc_packet(pkt, pkt_size + FF_MIN_BUFFER_SIZE)) < 0) {
         av_log(avctx, AV_LOG_ERROR, "Error getting output packet.\n");
         return ret;
     }
@@ -1017,7 +1022,10 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
                 slice_hdr = buf;
                 buf += slice_hdr_size - 1;
                 init_put_bits(&pb, buf, (pkt_size - (buf - orig_buf)) * 8);
-                encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice);
+                ret = encode_slice(avctx, pic, &pb, sizes, x, y, q,
+                                   mbs_per_slice);
+                if (ret < 0)
+                    return ret;
 
                 bytestream_put_byte(&slice_hdr, q);
                 slice_size = slice_hdr_size + sizes[ctx->num_planes - 1];