From 9652d4fcfc9c07a726b35efc4ac644d9751b36d7 Mon Sep 17 00:00:00 2001
From: Kostya Shishkov
Date: Tue, 12 Mar 2013 07:17:03 +0100
Subject: ape: provide two additional bytes in buffer for old MAC versions

Range coder in 3.90-3.95 overread two bytes in the final normalize.
---
 libavcodec/apedec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'libavcodec/apedec.c')
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 0bef457eb8..d4a3dcf3eb 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -917,11 +917,13 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data,
 av_log(avctx, AV_LOG_WARNING, "packet size is not a multiple of 4. "
 "extra bytes at the end will be skipped.\n");
 }
-
+ if (s->fileversion < 3950) // previous versions overread two bytes
+ buf_size += 2;
 av_fast_malloc(&s->data, &s->data_size, buf_size);
 if (!s->data)
 return AVERROR(ENOMEM);
 s->dsp.bswap_buf((uint32_t*)s->data, (const uint32_t*)buf, buf_size >> 2);
+ memset(s->data + (buf_size & ~3), 0, buf_size & 3);
 s->ptr = s->data;
 s->data_end = s->data + buf_size;
-- 
cgit v1.2.3
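Review bot: The added `memset(s->data + (buf_size & ~3), 0, buf_size & 3)` and the unchanged `buf_size >> 2` word count are only correct if `buf_size` was already a multiple of 4 before `buf_size += 2`. That rounding is presumably done just above the hunk (the warning text suggests it), but nothing in the new lines states the dependency; if it ever changed, `bswap_buf` could read a word past the packet or the memset could zero bytes that belong to the input. I would record the invariant next to the added lines, e.g. `/* buf_size is a multiple of 4 here; the 2 pad bytes are zeroed below and are included in data_end */`. Note also that `s->data_end` now covers the pad, so any end-of-input check against it will treat the two zero bytes as stream data, and the fixed pad only covers the overread described in the commit message; whether the range coder bounds its reads for a malformed frame is not visible here. `ape_decode_frame` starts and ends outside the hunk.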