mkv: Fix a bug where a pointer was cached to an array that might later move due to

a realloc() BUG=100492 Review URL: http://codereview.chromium.org/8366004 Fixes: 1 of 2 for CVE-2011-3893 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f35e037c93cf7d25e65b4a2ed3674358f05e4bed) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Chris Evans <cevans@chromium.org> 2012-01-04 16:33:34 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2012-01-04 22:18:55 +0100
commit: 49b8709870e4fa4d577ce6909d4bc6e03cedfe4e (patch)
tree: f0cdfdc95ed952e04c3082decfd793f95d00c67c
parent: 1bd1103175f4dd080d39075648baa708553004e2 (diff)
download: ffmpeg-49b8709870e4fa4d577ce6909d4bc6e03cedfe4e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 4a0c2fa76c..c02013e3ca 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1223,7 +1223,6 @@ static int matroska_parse_seekhead_entry(MatroskaDemuxContext *matroska, int idx
 static void matroska_execute_seekhead(MatroskaDemuxContext *matroska)
 {
     EbmlList *seekhead_list = &matroska->seekhead;
-    MatroskaSeekhead *seekhead = seekhead_list->elem;
     int64_t before_pos = avio_tell(matroska->ctx->pb);
     int i;
 
@@ -1233,6 +1232,7 @@ static void matroska_execute_seekhead(MatroskaDemuxContext *matroska)
         return;
 
     for (i = 0; i < seekhead_list->nb_elem; i++) {
+        MatroskaSeekhead *seekhead = seekhead_list->elem;
         if (seekhead[i].pos <= before_pos)
             continue;
author	Chris Evans <cevans@chromium.org>	2012-01-04 16:33:34 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:18:55 +0100
commit	49b8709870e4fa4d577ce6909d4bc6e03cedfe4e (patch)
tree	f0cdfdc95ed952e04c3082decfd793f95d00c67c
parent	1bd1103175f4dd080d39075648baa708553004e2 (diff)
download	ffmpeg-49b8709870e4fa4d577ce6909d4bc6e03cedfe4e.tar.gz