matroska: Clear prev_pkt between seeks.

The new incremental parser doesn't always clear prev_pkt, however the packet queue is cleared when seeking. Which leads to a use-after-free. Verified using Valgrind. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>

matroska: Clear prev_pkt between seeks.
The new incremental parser doesn't always clear prev_pkt, however the packet queue is cleared when seeking. Which leads to a use-after-free. Verified using Valgrind. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
7521c4ba · Dale Curtis · Justin Ruggles · 83b26046 · 7521c4ba
Commit 7521c4ba authored Apr 23, 2012 by Dale Curtis Committed by Justin Ruggles Apr 23, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

matroskadec.c libavformat/matroskadec.c +1 -0

No files found.
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2094,6 +2094,7 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index,
        avio_seek(s->pb, st->index_entries[st->nb_index_entries-1].pos, SEEK_SET);
        matroska->current_id = 0;
        while ((index = av_index_search_timestamp(st, timestamp, flags)) < 0) {
+            matroska->prev_pkt = NULL;
            matroska_clear_queue(matroska);
            if (matroska_parse_cluster(matroska) < 0)
                break;