Module: libav Branch: release/9 Commit: 09e391abd81c3298e230bebb3c4ce159a259d871
Author: Luca Barbato <[email protected]> Committer: Reinhard Tartler <[email protected]> Date: Fri Mar 29 12:51:51 2013 +0100 matroska: pass the lace size to the matroska_parse_rm_audio Each lace must be independent according to the specification. Fix heap-buffer-overflow in matroska_parse_block for corrupted real media in mkv files. Stricter check than fc43c19a567aa945398dccb491d972c11ec2a065 CC: [email protected] (cherry picked from commit 25a80a931a3829f9d730971dbd269aa39cc273f6) Signed-off-by: Reinhard Tartler <[email protected]> --- libavformat/matroskadec.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 5e94b72..147c24c 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2081,7 +2081,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, st->codec->codec_id == AV_CODEC_ID_ATRAC3) && st->codec->block_align && track->audio.sub_packet_size) { - res = matroska_parse_rm_audio(matroska, track, st, data, size, + res = matroska_parse_rm_audio(matroska, track, st, data, + lace_size[n], timecode, duration, pos); if (res) goto end; @@ -2097,7 +2098,6 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, if (timecode != AV_NOPTS_VALUE) timecode = duration ? timecode + duration : AV_NOPTS_VALUE; data += lace_size[n]; - size -= lace_size[n]; } end: _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
