codec_tags: fix wrong buffer size

Obvious mistake. This reported 44 bytes more data than what was available. Could cause out of bounds reads. Security researchers would claim a major victory if they found something like this in more popular software, and would create a website for it.
author: wm4 <wm4@nowhere> 2019-06-13 18:27:51 +0200
committer: Jan Ekström <jeebjp@gmail.com> 2019-07-03 17:47:24 +0300
commit: c379950ce08932dec839f18926183c7b05b57d00 (patch)
tree: 729331ce7a91ceaf1dbe795cbd383602fb7aaff9 /demux/codec_tags.c
parent: ea91162802432aabc8a86216d56223f690e49a67 (diff)
download: mpv-c379950ce08932dec839f18926183c7b05b57d00.tar.bz2
mpv-c379950ce08932dec839f18926183c7b05b57d00.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/demux/codec_tags.c b/demux/codec_tags.c
index d111c39ae3..ea6c8fe19d 100644
--- a/demux/codec_tags.c
+++ b/demux/codec_tags.c
@@ -75,7 +75,7 @@ static void map_audio_pcm_tag(struct mp_codec_params *c)
 
         // Compressed formats might use this.
         c->extradata += 22;
-        c->extradata_size += 22;
+        c->extradata_size -= 22;
     }
 
     int bits = c->bits_per_coded_sample;
author	wm4 <wm4@nowhere>	2019-06-13 18:27:51 +0200
committer	Jan Ekström <jeebjp@gmail.com>	2019-07-03 17:47:24 +0300
commit	c379950ce08932dec839f18926183c7b05b57d00 (patch)
tree	729331ce7a91ceaf1dbe795cbd383602fb7aaff9 /demux/codec_tags.c
parent	ea91162802432aabc8a86216d56223f690e49a67 (diff)
download	mpv-c379950ce08932dec839f18926183c7b05b57d00.tar.bz2 mpv-c379950ce08932dec839f18926183c7b05b57d00.tar.xz