authorwm4 <wm4@nowhere>2016-08-16 10:48:54 +0200
committerwm4 <wm4@nowhere>2016-08-16 10:48:54 +0200
commit12e251c29e1be905ab35c4caed9a6d926c1825b0 (patch)
treef6db87a823b142b21b51ce4abb2e545f4c8e2c88
parent814dacdd7d010407a4bea74b3a047079f49c5c39 (diff)
demux: fix undefined behavior with ogg metadata update
When an ogg track updates metadata, we have to perform a complicated runtime update due to the demux.c architecture. A detail was broken and an array was allocated with the previous number of streams, which usually led to invalid memory write accesses at least on the first update. See github commit comment on commit b9ba9a89.
-rw-r--r--demux/demux.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/demux/demux.c b/demux/demux.c
index 648e629f77..0c42efee92 100644
--- a/demux/demux.c
+++ b/demux/demux.c
@@ -1039,10 +1039,10 @@ static void demux_copy(struct demuxer *dst, struct demuxer *src)
dst->metadata = mp_tags_dup(dst, src->metadata);
if (dst->num_update_stream_tags != src->num_update_stream_tags) {
+ dst->num_update_stream_tags = src->num_update_stream_tags;
talloc_free(dst->update_stream_tags);
dst->update_stream_tags =
talloc_zero_array(dst, struct mp_tags *, dst->num_update_stream_tags);
- dst->num_update_stream_tags = src->num_update_stream_tags;
}
for (int n = 0; n < dst->num_update_stream_tags; n++) {
talloc_free(dst->update_stream_tags[n]);
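Review bot: The array size in the `talloc_zero_array()` call is still read from `dst->num_update_stream_tags`, so the out-of-bounds write this commit fixes comes back if the assignment is ever moved below the allocation again. Sizing the array from the source count, `talloc_zero_array(dst, struct mp_tags *, src->num_update_stream_tags);`, removes that ordering dependency. Failing that, a comment on the added line such as `// must precede the allocation: the array is sized from this count` would record it. The `for` loop that follows indexes the array by the same count, and its body continues outside the hunk, as does the rest of `demux_copy`.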