From 91ced1608cf4e2a8f8c6b26884a39a368c8cde79 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 23 Feb 2015 01:21:30 +0100
Subject: [PATCH] avcodec/a64multienc: don't set incorrect packet size

This fixes invalid reads of the packet buffer in av_dup_packet

Based on patch by Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d96142e9af92ded84f2580620c571ab96c4bb657)

Conflicts:

	libavcodec/a64multienc.c
---
 libavcodec/a64multienc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c
index 888b87be1a..ad4c6118ae 100644
--- a/libavcodec/a64multienc.c
+++ b/libavcodec/a64multienc.c
@@ -336,8 +336,8 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
         req_size = 0;
         /* any frames to encode? */
         if (c->mc_lifetime) {
-            req_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
-            if ((ret = ff_alloc_packet2(avctx, pkt, req_size)) < 0)
+            int alloc_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
+            if ((ret = ff_alloc_packet2(avctx, pkt, alloc_size)) < 0)
                 return ret;
             buf = pkt->data;
 
@@ -354,6 +354,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
             /* advance pointers */
             buf      += charset_size;
             charset  += charset_size;
+            req_size += charset_size;
         }
 
         /* write x frames to buf */