On 6/5/2025 9:14 PM, James Almer wrote:
> The GetBitContext API requires the buffer to be padded, and the documentation for
> av_ac3_parse_header() does not specify it, so use a temporary local buffer.
> 
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
>   libavcodec/ac3_parser.c | 16 +++++++++++++---
>   1 file changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c
> index 69989690dd..9065d700e2 100644
> --- a/libavcodec/ac3_parser.c
> +++ b/libavcodec/ac3_parser.c
> @@ -202,14 +202,24 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size,
>   {
>       GetBitContext gb;
>       AC3HeaderInfo hdr;
> +    uint8_t *tmp = av_malloc(size + AV_INPUT_BUFFER_PADDING_SIZE);
>       int err;
>   
> -    err = init_get_bits8(&gb, buf, size);
> -    if (err < 0)
> +    if (!tmp)
> +        return AVERROR(ENOMEM);
> +
> +    memcpy(tmp, buf, size);
> +    memset(tmp + size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
> +    err = init_get_bits8(&gb, tmp, size);
> +    if (err < 0) {
> +        av_free(tmp);
>           return AVERROR_INVALIDDATA;
> +    }
>       err = ff_ac3_parse_header(&gb, &hdr);
> -    if (err < 0)
> +    if (err < 0) {
> +        av_free(tmp);
>           return AVERROR_INVALIDDATA;
> +    }
>   
>       *bitstream_id = hdr.bitstream_id;
>       *frame_size   = hdr.frame_size;

Added the missing av_free(tmp) in case of success locally...