generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

matroska: pass the lace size to the matroska_parse_rm_audio

Browse Source 
Each lace must be independent according to the specification.

Fix heap-buffer-overflow in matroska_parse_block for
corrupted real media in mkv files.

Stricter check than fc43c19a56

CC: libav-stable@libav.org
This commit is contained in:
Luca Barbato
2013-03-29 12:51:51 +01:00
parent 8a96df7b70
commit 25a80a931a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/matroskadec.c
View File

@@ -2080,7 +2080,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
st->codec->codec_id == AV_CODEC_ID_ATRAC3) && st->codec->codec_id == AV_CODEC_ID_ATRAC3) &&
st->codec->block_align && track->audio.sub_packet_size) { st->codec->block_align && track->audio.sub_packet_size) {
res = matroska_parse_rm_audio(matroska, track, st, data, size, res = matroska_parse_rm_audio(matroska, track, st, data,
lace_size[n],
timecode, duration, pos); timecode, duration, pos);
if (res) if (res)
goto end; goto end;
@@ -2096,7 +2097,6 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (timecode != AV_NOPTS_VALUE) if (timecode != AV_NOPTS_VALUE)
timecode = duration ? timecode + duration : AV_NOPTS_VALUE; timecode = duration ? timecode + duration : AV_NOPTS_VALUE;
data += lace_size[n]; data += lace_size[n];
size -= lace_size[n];
} }
end: end: