Commit 2257fcdb authored by Denis Charmet's avatar Denis Charmet Committed by Jean-Baptiste Kempf

Avoid a crash with some corrupted mkvs

Should close #5659
Signed-off-by: Jean-Baptiste Kempf's avatarJean-Baptiste Kempf <jb@videolan.org>
parent 2be0e49f
......@@ -932,6 +932,11 @@ bool matroska_segment_c::Select( mtime_t i_start_time )
p_tk->fmt.i_extra = GetDWLE( &p_bih->biSize ) - sizeof( BITMAPINFOHEADER );
if( p_tk->fmt.i_extra > 0 )
{
/* Very unlikely yet possible: bug #5659*/
size_t maxlen = p_tk->i_extra_data - sizeof( BITMAPINFOHEADER );
p_tk->fmt.i_extra = ( p_tk->fmt.i_extra < maxlen )?
p_tk->fmt.i_extra : maxlen;
p_tk->fmt.p_extra = xmalloc( p_tk->fmt.i_extra );
memcpy( p_tk->fmt.p_extra, &p_bih[1], p_tk->fmt.i_extra );
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment