mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-24 08:12:44 +00:00
matroska: pass the lace size to the matroska_parse_rm_audio
Each lace must be independent according to the specification.
Fix heap-buffer-overflow in matroska_parse_block for
corrupted real media in mkv files.
Stricter check than fc43c19a56
CC: libav-stable@libav.org
This commit is contained in:
parent
8a96df7b70
commit
25a80a931a
@ -2080,7 +2080,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
|
||||
st->codec->codec_id == AV_CODEC_ID_ATRAC3) &&
|
||||
st->codec->block_align && track->audio.sub_packet_size) {
|
||||
|
||||
res = matroska_parse_rm_audio(matroska, track, st, data, size,
|
||||
res = matroska_parse_rm_audio(matroska, track, st, data,
|
||||
lace_size[n],
|
||||
timecode, duration, pos);
|
||||
if (res)
|
||||
goto end;
|
||||
@ -2096,7 +2097,6 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
|
||||
if (timecode != AV_NOPTS_VALUE)
|
||||
timecode = duration ? timecode + duration : AV_NOPTS_VALUE;
|
||||
data += lace_size[n];
|
||||
size -= lace_size[n];
|
||||
}
|
||||
|
||||
end:
|
||||
|
Loading…
Reference in New Issue
Block a user