highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oggdec: prevent codec from changing through ogg_replace_stream()

Browse Source 
This prevents inconsistencies leading to out of array accesses.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2012-12-05 04:38:57 +01:00
parent 599ae9995f
commit 9db3fb6ed8
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/oggdec.c
View File

@@ -174,6 +174,7 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial)
struct ogg_stream *os; struct ogg_stream *os;
unsigned bufsize; unsigned bufsize;
uint8_t *buf; uint8_t *buf;
struct ogg_codec *codec;
if (ogg->nstreams != 1) { if (ogg->nstreams != 1) {
av_log_missing_feature(s, "Changing stream parameters in multistream ogg", 0); av_log_missing_feature(s, "Changing stream parameters in multistream ogg", 0);
@@ -184,6 +185,7 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial)
buf = os->buf; buf = os->buf;
bufsize = os->bufsize; bufsize = os->bufsize;
codec = os->codec;
if (!ogg->state || ogg->state->streams[0].private != os->private) if (!ogg->state || ogg->state->streams[0].private != os->private)
av_freep(&ogg->streams[0].private); av_freep(&ogg->streams[0].private);
@@ -195,6 +197,7 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial)
os->bufsize = bufsize; os->bufsize = bufsize;
os->buf = buf; os->buf = buf;
os->header = -1; os->header = -1;
os->codec = codec;
return 0; return 0;
} }