[FFmpeg-cvslog] r13634 - trunk/libavformat/matroskadec.c
aurel
subversion
Tue Jun 3 01:07:41 CEST 2008
Author: aurel
Date: Tue Jun 3 01:07:41 2008
New Revision: 13634
Log:
reorganize matroska_add_stream() to fix potential mem leak and buffer overflow
fix CID44
Modified:
trunk/libavformat/matroskadec.c
Modified: trunk/libavformat/matroskadec.c
==============================================================================
--- trunk/libavformat/matroskadec.c (original)
+++ trunk/libavformat/matroskadec.c Tue Jun 3 01:07:41 2008
@@ -1021,17 +1021,16 @@ matroska_add_stream (MatroskaDemuxContex
uint32_t id;
MatroskaTrack *track;
+ /* start with the master */
+ if ((res = ebml_read_master(matroska, &id)) < 0)
+ return res;
+
av_log(matroska->ctx, AV_LOG_DEBUG, "parsing track, adding stream..,\n");
/* Allocate a generic track. As soon as we know its type we'll realloc. */
track = av_mallocz(MAX_TRACK_SIZE);
- matroska->num_tracks++;
strcpy(track->language, "eng");
- /* start with the master */
- if ((res = ebml_read_master(matroska, &id)) < 0)
- return res;
-
/* try reading the trackentry headers */
while (res == 0) {
if (!(id = ebml_peek_id(matroska, &matroska->level_up))) {
@@ -1088,7 +1087,6 @@ matroska_add_stream (MatroskaDemuxContex
track->type = MATROSKA_TRACK_TYPE_NONE;
break;
}
- matroska->tracks[matroska->num_tracks - 1] = track;
break;
}
@@ -1623,6 +1621,11 @@ matroska_add_stream (MatroskaDemuxContex
}
}
+ if (track->type && matroska->num_tracks < ARRAY_SIZE(matroska->tracks)) {
+ matroska->tracks[matroska->num_tracks++] = track;
+ } else {
+ av_free(track);
+ }
return res;
}
More information about the ffmpeg-cvslog
mailing list