ffmpeg | branch: master | Michael Schenk <michael.sch...@albis-elcon.com> | Fri Nov 25 09:36:20 2016 +0100| [18b94669372d3d4b6c51e347587ea64acef9dbb8] | committer: Andreas Cadhalpun
matroskadec: prevent access of elements after freeing Using the decode interrupt feature of ffmpeg may cause crashes by accessing previously freed pointers in matroska_read_close. To prevent this reset nb_elem to zero after freeing the elements, because ffmpeg normally tests for nb_elem. Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=18b94669372d3d4b6c51e347587ea64acef9dbb8 --- libavformat/matroskadec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index f79511e..d96e861 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1237,6 +1237,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data) j++, ptr += syntax[i].list_elem_size) ebml_free(syntax[i].def.n, ptr); av_freep(&list->elem); + list->nb_elem = 0; } else ebml_free(syntax[i].def.n, data_off); default: _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog