From fe53fa253f4a54f715249f0d88f7320ae0f65df5 Mon Sep 17 00:00:00 2001
From: Aurelien Jacobs
Date: Mon, 2 Jun 2008 23:07:41 +0000
Subject: [PATCH] reorganize matroska_add_stream() to fix potential mem leak and buffer overflow fix CID44

Originally committed as revision 13634 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/matroskadec.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 11426307fe..e20332945f 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1021,17 +1021,16 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
 uint32_t id;
 MatroskaTrack *track;

+ /* start with the master */
+ if ((res = ebml_read_master(matroska, &id)) < 0)
+ return res;
+
 av_log(matroska->ctx, AV_LOG_DEBUG, "parsing track, adding stream..,\n");

 /* Allocate a generic track. As soon as we know its type we'll realloc. */
 track = av_mallocz(MAX_TRACK_SIZE);
- matroska->num_tracks++;
 strcpy(track->language, "eng");

- /* start with the master */
- if ((res = ebml_read_master(matroska, &id)) < 0)
- return res;
-
 /* try reading the trackentry headers */
 while (res == 0) {
 if (!(id = ebml_peek_id(matroska, &matroska->level_up))) {
@@ -1088,7 +1087,6 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
 track->type = MATROSKA_TRACK_TYPE_NONE;
 break;
 }
- matroska->tracks[matroska->num_tracks - 1] = track;
 break;
 }

@@ -1623,6 +1621,11 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
 }
 }

+ if (track->type && matroska->num_tracks < ARRAY_SIZE(matroska->tracks)) {
+ matroska->tracks[matroska->num_tracks++] = track;
+ } else {
+ av_free(track);
+ }
 return res;
 }
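Review bot: The result of `av_mallocz(MAX_TRACK_SIZE)` is still used unchecked in the first hunk: `strcpy(track->language, "eng")` on the next line writes through `track`, so an allocation failure while parsing a file becomes a NULL-pointer write. A guard directly after the allocation, `if (!track) return AVERROR(ENOMEM);`, would close that; because the master element has already been read at that point, check whether the early return needs to unwind the EBML level first. Moving the `num_tracks` increment to the end of the function also means that any code between the hunks that still addresses the current track as `matroska->tracks[matroska->num_tracks - 1]` would now reach the previous entry; those lines are outside this diff and should be checked.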
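Review bot: The `else` branch in the last hunk discards the track silently: a track with no type, or any track beyond `ARRAY_SIZE(matroska->tracks)`, is freed and `res` is returned unchanged, so neither the caller nor the user learns that part of the input was dropped. A warning before the free, `av_log(matroska->ctx, AV_LOG_WARNING, "dropping track: no type or track table full\n");`, would make truncated or malformed files diagnosable. The condition also registers the track regardless of `res`, so a track whose parsing failed after its type was set is still stored; whether that leniency is intended cannot be told from the hunk, since the parsing loop lies outside it.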