mpeg12dec: reset data size after parsing extradata.

This ended up corrupting data structures and may possibly lead to a double free. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

mpeg12dec: reset data size after parsing extradata.
This ended up corrupting data structures and may possibly lead to a double free. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
951cbea5 · Michael Niedermayer · 41abc9da · 951cbea5
Commit 951cbea5 authored Apr 22, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

mpeg12.c libavcodec/mpeg12.c +1 -0

No files found.
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -2289,6 +2289,7 @@ static int mpeg_decode_frame(AVCodecContext *avctx,

    if (avctx->extradata && !avctx->frame_number) {
        int ret = decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
+        *data_size = 0;
        if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE))
            return ret;
    }