diff options
| author | Luca Barbato <lu_zero@gentoo.org> | 2013-03-29 12:51:51 +0100 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2013-04-06 11:40:05 +0200 |
| commit | 09e391abd81c3298e230bebb3c4ce159a259d871 (patch) | |
| tree | f69f1888334f0ba20ff09ad14d15d865aed102ef | |
| parent | b90816d94b0b5c01f451ff98cfbf1d5ddec9c3c1 (diff) | |
| download | ffmpeg-09e391abd81c3298e230bebb3c4ce159a259d871.tar.gz | |
matroska: pass the lace size to the matroska_parse_rm_audio
Each lace must be independent according to the specification.
Fix heap-buffer-overflow in matroska_parse_block for
corrupted real media in mkv files.
Stricter check than fc43c19a567aa945398dccb491d972c11ec2a065
CC: libav-stable@libav.org
(cherry picked from commit 25a80a931a3829f9d730971dbd269aa39cc273f6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| -rw-r--r-- | libavformat/matroskadec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 5e94b725f8..147c24cf86 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2081,7 +2081,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, st->codec->codec_id == AV_CODEC_ID_ATRAC3) && st->codec->block_align && track->audio.sub_packet_size) { - res = matroska_parse_rm_audio(matroska, track, st, data, size, + res = matroska_parse_rm_audio(matroska, track, st, data, + lace_size[n], timecode, duration, pos); if (res) goto end; @@ -2097,7 +2098,6 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, if (timecode != AV_NOPTS_VALUE) timecode = duration ? timecode + duration : AV_NOPTS_VALUE; data += lace_size[n]; - size -= lace_size[n]; } end: |