Avoid a crash with some corrupted mkvs

Should close #5659 Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>

Avoid a crash with some corrupted mkvs
Should close #5659 Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
2257fcdb · Denis Charmet · Jean-Baptiste Kempf · 2be0e49f · 2257fcdb
Commit 2257fcdb authored Dec 28, 2011 by Denis Charmet Committed by Jean-Baptiste Kempf Dec 28, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

modules/demux/mkv/matroska_segment.cpp modules/demux/mkv/matroska_segment.cpp +5 -0

No files found.
--- a/modules/demux/mkv/matroska_segment.cpp
+++ b/modules/demux/mkv/matroska_segment.cpp
@@ -932,6 +932,11 @@ bool matroska_segment_c::Select( mtime_t i_start_time )
                p_tk->fmt.i_extra       = GetDWLE( &p_bih->biSize ) - sizeof( BITMAPINFOHEADER );
                if( p_tk->fmt.i_extra > 0 )
                {
+                    /* Very unlikely yet possible: bug #5659*/
+                    size_t maxlen = p_tk->i_extra_data - sizeof( BITMAPINFOHEADER );
+                    p_tk->fmt.i_extra = ( p_tk->fmt.i_extra < maxlen )?
+                        p_tk->fmt.i_extra : maxlen;
                    p_tk->fmt.p_extra = xmalloc( p_tk->fmt.i_extra );
                    memcpy( p_tk->fmt.p_extra, &p_bih[1], p_tk->fmt.i_extra );
                }