diff options
author | wm4 <wm4@nowhere> | 2019-06-13 18:27:51 +0200 |
---|---|---|
committer | Jan Ekström <jeebjp@gmail.com> | 2019-07-03 17:47:24 +0300 |
commit | c379950ce08932dec839f18926183c7b05b57d00 (patch) | |
tree | 729331ce7a91ceaf1dbe795cbd383602fb7aaff9 /demux/codec_tags.c | |
parent | ea91162802432aabc8a86216d56223f690e49a67 (diff) | |
download | mpv-c379950ce08932dec839f18926183c7b05b57d00.tar.bz2 mpv-c379950ce08932dec839f18926183c7b05b57d00.tar.xz |
codec_tags: fix wrong buffer size
Obvious mistake. This reported 44 bytes more data than what was
available. Could cause out of bounds reads. Security researchers would
claim a major victory if they found something like this in more popular
software, and would create a website for it.
Diffstat (limited to 'demux/codec_tags.c')
-rw-r--r-- | demux/codec_tags.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/demux/codec_tags.c b/demux/codec_tags.c index d111c39ae3..ea6c8fe19d 100644 --- a/demux/codec_tags.c +++ b/demux/codec_tags.c @@ -75,7 +75,7 @@ static void map_audio_pcm_tag(struct mp_codec_params *c) // Compressed formats might use this. c->extradata += 22; - c->extradata_size += 22; + c->extradata_size -= 22; } int bits = c->bits_per_coded_sample; |