matroskadec: prevent access of elements after freeing

Using the decode interrupt feature of ffmpeg may cause crashes by accessing previously freed pointers in matroska_read_close. To prevent this reset nb_elem to zero after freeing the elements, because ffmpeg normally tests for nb_elem. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>

matroskadec: prevent access of elements after freeing
Using the decode interrupt feature of ffmpeg may cause crashes by accessing previously freed pointers in matroska_read_close. To prevent this reset nb_elem to zero after freeing the elements, because ffmpeg normally tests for nb_elem. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
18b94669 · Michael Schenk · Andreas Cadhalpun · 24758588 · 18b94669
Commit 18b94669 authored Nov 25, 2016 by Michael Schenk Committed by Andreas Cadhalpun Nov 30, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

matroskadec.c libavformat/matroskadec.c +1 -0

No files found.
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1237,6 +1237,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data)
                     j++, ptr += syntax[i].list_elem_size)
                    ebml_free(syntax[i].def.n, ptr);
                av_freep(&list->elem);
+                list->nb_elem = 0;
            } else
                ebml_free(syntax[i].def.n, data_off);
        default: