On 28/12/2016 13:15, Anton Khirnov wrote: > If a read fails, current code will free the data, but leave the size > non-zero. Make sure the size is zeroed in such a case. > > CC: [email protected] > Bug-Id: 1001 > Found-By: Kamil Frankowicz > --- > libavformat/matroskadec.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c > index a3954b0..4e121b6 100644 > --- a/libavformat/matroskadec.c > +++ b/libavformat/matroskadec.c > @@ -750,16 +750,19 @@ static int ebml_read_ascii(AVIOContext *pb, int size, > char **str) > static int ebml_read_binary(AVIOContext *pb, int length, EbmlBin *bin) > { > av_free(bin->data); > + bin->size = 0; > + > if (!(bin->data = av_mallocz(length + AV_INPUT_BUFFER_PADDING_SIZE))) > return AVERROR(ENOMEM); > > - bin->size = length; > bin->pos = avio_tell(pb); > if (avio_read(pb, bin->data, length) != length) { > av_freep(&bin->data); > return AVERROR(EIO); > } > > + bin->size = length; > + > return 0; > } > >
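Review bot: in ebml_read_binary, `bin->pos = avio_tell(pb);` still runs before avio_read, so on the AVERROR(EIO) return the EbmlBin has data NULL and size 0 but a pos that refers to the element that failed to load. If nothing is meant to read pos after a failure, keep the offset in a local and assign it next to `bin->size = length;` once the read has succeeded. Otherwise a short comment saying pos is kept on purpose would help. The early `bin->size = 0;` also covers the AVERROR(ENOMEM) return, which the commit message does not mention and could.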
Ok.
