|
 |
a3c392 |
From d62cecf193d6bf3b16fe91d725f4514161f602c3 Mon Sep 17 00:00:00 2001
|
|
|
a3c392 |
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
|
a3c392 |
Date: Wed, 3 Mar 2021 11:31:52 +0200
|
|
|
a3c392 |
Subject: [PATCH] matroskademux: Initialize track context out parameter to NULL
|
|
|
a3c392 |
before parsing
|
|
|
a3c392 |
|
|
|
a3c392 |
Various error return paths don't set it to NULL and callers are only
|
|
|
a3c392 |
checking if the pointer is NULL. As it's allocated on the stack this
|
|
|
a3c392 |
usually contains random stack memory, and more often than not the memory
|
|
|
a3c392 |
of a previously parsed track.
|
|
|
a3c392 |
|
|
|
a3c392 |
This then causes all kinds of memory corruptions further down the line.
|
|
|
a3c392 |
|
|
|
a3c392 |
Thanks to Natalie Silvanovich for reporting.
|
|
|
a3c392 |
|
|
|
a3c392 |
Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues/858
|
|
|
a3c392 |
|
|
|
a3c392 |
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/904>
|
|
|
a3c392 |
---
|
|
|
a3c392 |
gst/matroska/matroska-demux.c | 2 ++
|
|
|
a3c392 |
1 file changed, 2 insertions(+)
|
|
|
a3c392 |
|
|
|
a3c392 |
diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
|
|
|
a3c392 |
index b2cd9b5d4..4eb3d2a9f 100644
|
|
|
a3c392 |
--- a/gst/matroska/matroska-demux.c
|
|
|
a3c392 |
+++ b/gst/matroska/matroska-demux.c
|
|
|
a3c392 |
@@ -660,6 +660,8 @@ gst_matroska_demux_parse_stream (GstMatroskaDemux * demux, GstEbmlRead * ebml,
|
|
|
a3c392 |
|
|
|
a3c392 |
DEBUG_ELEMENT_START (demux, ebml, "TrackEntry");
|
|
|
a3c392 |
|
|
|
a3c392 |
+ *dest_context = NULL;
|
|
|
a3c392 |
+
|
|
|
a3c392 |
/* start with the master */
|
|
|
a3c392 |
if ((ret = gst_ebml_read_master (ebml, &id)) != GST_FLOW_OK) {
|
|
|
a3c392 |
DEBUG_ELEMENT_STOP (demux, ebml, "TrackEntry", ret);
|
|
|
a3c392 |
--
|
|
|
a3c392 |
GitLab
|
|
|
a3c392 |
|