authorDale Curtis <dalecurtis@chromium.org>2012-04-23 16:15:31 +0000
committerJustin Ruggles <justin.ruggles@gmail.com>2012-04-23 14:21:42 -0400
commit7521c4bab28ff3a622171be5b39a6b210f4263f0 (patch)
treee091fb3df5ac91e6dfbf4d55ea0bb95ea0eff13e
parent83b26046fcce5f497042fd7c5d7ae6904d7b76e1 (diff)
downloadffmpeg-7521c4bab28ff3a622171be5b39a6b210f4263f0.tar.gz
matroska: Clear prev_pkt between seeks.
The new incremental parser doesn't always clear prev_pkt; however, the packet queue is cleared when seeking, which leads to a use-after-free. Verified using Valgrind. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
-rw-r--r--libavformat/matroskadec.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 100b97f5dd..e45cfb02c9 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2094,6 +2094,7 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index,
avio_seek(s->pb, st->index_entries[st->nb_index_entries-1].pos, SEEK_SET);
matroska->current_id = 0;
while ((index = av_index_search_timestamp(st, timestamp, flags)) < 0) {
+ matroska->prev_pkt = NULL;
matroska_clear_queue(matroska);
if (matroska_parse_cluster(matroska) < 0)
break;
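Review bot: The reset of `prev_pkt` on the added line protects only this one call to matroska_clear_queue() inside the seek loop, so any other caller that empties the queue would presumably leave the same stale pointer behind. Since the pointer appears to become invalid exactly when the queue is freed, placing `matroska->prev_pkt = NULL;` at the top of matroska_clear_queue() would enforce the invariant in one place instead of per call site. If the reset stays here, a short comment such as `/* prev_pkt may point into the queue freed below */` would record why it has to come before the clear. The rest of matroska_read_seek() and the body of matroska_clear_queue() lie outside the hunk, so the remaining call sites need to be checked against the full file.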