[FFmpeg-cvslog] oggdec: prevent codec from changing through ogg_replace_stream()

Michael Niedermayer git at videolan.org
Wed Dec 5 05:36:39 CET 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Dec  5 04:38:57 2012 +0100| [9db3fb6ed8d35ae02a1d3c322777bd45bb4579c9] | committer: Michael Niedermayer

oggdec: prevent codec from changing through ogg_replace_stream()

This prevents inconsistencies leading to out of array accesses.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9db3fb6ed8d35ae02a1d3c322777bd45bb4579c9
---

 libavformat/oggdec.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
index 3ca33dc..11645c9 100644
--- a/libavformat/oggdec.c
+++ b/libavformat/oggdec.c
@@ -174,6 +174,7 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial)
     struct ogg_stream *os;
     unsigned bufsize;
     uint8_t *buf;
+    struct ogg_codec *codec;
 
     if (ogg->nstreams != 1) {
         av_log_missing_feature(s, "Changing stream parameters in multistream ogg", 0);
@@ -184,6 +185,7 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial)
 
     buf = os->buf;
     bufsize = os->bufsize;
+    codec   = os->codec;
 
     if (!ogg->state || ogg->state->streams[0].private != os->private)
         av_freep(&ogg->streams[0].private);
@@ -195,6 +197,7 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial)
     os->bufsize = bufsize;
     os->buf = buf;
     os->header = -1;
+    os->codec = codec;
 
     return 0;
 }



More information about the ffmpeg-cvslog mailing list