har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mpeg12dec: reset data size after parsing extradata.

Browse Source 
This ended up corrupting data structures and may possibly
lead to a double free.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-04-22 20:03:53 +02:00
parent 41abc9da50
commit 951cbea56f
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libavcodec/mpeg12.c
View File

@ -2289,6 +2289,7 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
if (avctx->extradata && !avctx->frame_number) { if (avctx->extradata && !avctx->frame_number) {
int ret = decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size); int ret = decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
*data_size = 0;
if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE))
return ret; return ret;
} }