[FFmpeg-cvslog] matroskadec: pad EBML_BIN data.

[Anton Khirnov]

ffmpeg | branch: release/1.1 | Anton Khirnov <anton at khirnov.net> | Fri Nov 15 10:15:24 2013 +0100| [cbf51c4d36af139b6ce2c3f1c96955ca87468e2a] | committer: Reinhard Tartler

matroskadec: pad EBML_BIN data.

It might be passed to code requiring padding, such as lzo decompression.

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org

(cherry picked from commit 30be1ea33e5525266ad871bed60b1893a53caeaf)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cbf51c4d36af139b6ce2c3f1c96955ca87468e2a
---

 libavformat/matroskadec.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index e42118c..730285a 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -704,9 +704,11 @@ static int ebml_read_ascii(AVIOContext *pb, int size, char **str)
 static int ebml_read_binary(AVIOContext *pb, int length, EbmlBin *bin)
 {
     av_free(bin->data);
-    if (!(bin->data = av_malloc(length)))
+    if (!(bin->data = av_malloc(length + FF_INPUT_BUFFER_PADDING_SIZE)))
         return AVERROR(ENOMEM);
 
+    memset(bin->data + length, 0, FF_INPUT_BUFFER_PADDING_SIZE);
+
     bin->size = length;
     bin->pos  = avio_tell(pb);
     if (avio_read(pb, bin->data, length) != length) {