aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAurelien Jacobs <aurel@gnuage.org>2008-06-02 23:07:41 +0000
committerAurelien Jacobs <aurel@gnuage.org>2008-06-02 23:07:41 +0000
commitfe53fa253f4a54f715249f0d88f7320ae0f65df5 (patch)
tree4f087d83c04b0237d85beb5868c504a422523096
parent4b3dc529f55df2133c548f83f6eaeb67e4f3bb83 (diff)
downloadffmpeg-fe53fa253f4a54f715249f0d88f7320ae0f65df5.tar.gz
reorganize matroska_add_stream() to fix potential mem leak and buffer overflow
fix CID44 Originally committed as revision 13634 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavformat/matroskadec.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 11426307fe..e20332945f 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1021,17 +1021,16 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
uint32_t id;
MatroskaTrack *track;
+ /* start with the master */
+ if ((res = ebml_read_master(matroska, &id)) < 0)
+ return res;
+
av_log(matroska->ctx, AV_LOG_DEBUG, "parsing track, adding stream..,\n");
/* Allocate a generic track. As soon as we know its type we'll realloc. */
track = av_mallocz(MAX_TRACK_SIZE);
- matroska->num_tracks++;
strcpy(track->language, "eng");
- /* start with the master */
- if ((res = ebml_read_master(matroska, &id)) < 0)
- return res;
-
/* try reading the trackentry headers */
while (res == 0) {
if (!(id = ebml_peek_id(matroska, &matroska->level_up))) {
@@ -1088,7 +1087,6 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
track->type = MATROSKA_TRACK_TYPE_NONE;
break;
}
- matroska->tracks[matroska->num_tracks - 1] = track;
break;
}
@@ -1623,6 +1621,11 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
}
}
+ if (track->type && matroska->num_tracks < ARRAY_SIZE(matroska->tracks)) {
+ matroska->tracks[matroska->num_tracks++] = track;
+ } else {
+ av_free(track);
+ }
return res;
}