reorganize matroska_add_stream() to fix potential mem leak and buffer overflow

fix CID44 git-svn-id: file:///var/local/repositories/ffmpeg/trunk@13634 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

reorganize matroska_add_stream() to fix potential mem leak and buffer overflow
fix CID44 git-svn-id: file:///var/local/repositories/ffmpeg/trunk@13634 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
3352d579 · aurel · 9cdf3a3c · 3352d579
Commit 3352d579 authored Jun 02, 2008 by aurel
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 6 deletions

libavformat/matroskadec.c libavformat/matroskadec.c +9 -6

No files found.
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1021,17 +1021,16 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
    uint32_t id;
    MatroskaTrack *track;

+    /* start with the master */
+    if ((res = ebml_read_master(matroska, &id)) < 0)
+        return res;
+
    av_log(matroska->ctx, AV_LOG_DEBUG, "parsing track, adding stream..,\n");

    /* Allocate a generic track. As soon as we know its type we'll realloc. */
    track = av_mallocz(MAX_TRACK_SIZE);
-    matroska->num_tracks++;
    strcpy(track->language, "eng");

-    /* start with the master */
-    if ((res = ebml_read_master(matroska, &id)) < 0)
-        return res;
-
    /* try reading the trackentry headers */
    while (res == 0) {
        if (!(id = ebml_peek_id(matroska, &matroska->level_up))) {
@@ -1088,7 +1087,6 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
                        track->type = MATROSKA_TRACK_TYPE_NONE;
                        break;
                }
-                matroska->tracks[matroska->num_tracks - 1] = track;
                break;
            }

@@ -1623,6 +1621,11 @@ matroska_add_stream (MatroskaDemuxContext *matroska)
        }
    }

+    if (track->type && matroska->num_tracks < ARRAY_SIZE(matroska->tracks)) {
+        matroska->tracks[matroska->num_tracks++] = track;
+    } else {
+        av_free(track);
+    }
    return res;
 }