From e07086d8aed011544ee2fc71ebab867a38a6d6e7 Mon Sep 17 00:00:00 2001
From: Alex Converse <alex.converse@gmail.com>
Date: Fri, 29 Jul 2011 15:27:36 -0700
Subject: [PATCH] mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating
 extradata.

This prevents out of bounds reads when extradata is being decoded.
(cherry picked from commit 1f6f58d5855288492fc2640a9f1035c01c75d356)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
---
 libavformat/mxfdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 168fd8d69f..a601007aec 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -592,7 +592,7 @@ static int mxf_read_generic_descriptor(MXFDescriptor *descriptor, ByteIOContext
     default:
         /* Private uid used by SONY C0023S01.mxf */
         if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) {
-            descriptor->extradata = av_malloc(size);
+            descriptor->extradata = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE);
             if (!descriptor->extradata)
                 return -1;
             descriptor->extradata_size = size;