summaryrefslogtreecommitdiffstats
path: root/demux/demux_mkv.c
diff options
context:
space:
mode:
Diffstat (limited to 'demux/demux_mkv.c')
-rw-r--r--demux/demux_mkv.c20
1 files changed, 8 insertions, 12 deletions
diff --git a/demux/demux_mkv.c b/demux/demux_mkv.c
index 7abde62607..b117aba90a 100644
--- a/demux/demux_mkv.c
+++ b/demux/demux_mkv.c
@@ -73,6 +73,10 @@ static const int cook_fl2bps[COOK_FLAVORS] = {
12016, 16408, 22911, 33506
};
+enum {
+ MAX_NUM_LACES = 256,
+};
+
typedef struct mkv_content_encoding {
uint64_t order, type, scope;
uint64_t comp_algo;
@@ -1782,14 +1786,12 @@ static int demux_mkv_open(demuxer_t *demuxer)
static int demux_mkv_read_block_lacing(uint8_t *buffer, uint64_t *size,
uint8_t *laces,
- uint32_t **all_lace_sizes)
+ uint32_t lace_size[MAX_NUM_LACES])
{
uint32_t total = 0;
- uint32_t *lace_size = NULL;
uint8_t flags;
int i;
- *all_lace_sizes = NULL;
/* lacing flags */
if (*size < 1)
goto error;
@@ -1799,7 +1801,6 @@ static int demux_mkv_read_block_lacing(uint8_t *buffer, uint64_t *size,
switch ((flags & 0x06) >> 1) {
case 0: /* no lacing */
*laces = 1;
- lace_size = calloc(*laces, sizeof(uint32_t));
lace_size[0] = *size;
break;
@@ -1811,7 +1812,6 @@ static int demux_mkv_read_block_lacing(uint8_t *buffer, uint64_t *size,
*laces = *buffer++;
(*size)--;
(*laces)++;
- lace_size = calloc(*laces, sizeof(uint32_t));
switch ((flags & 0x06) >> 1) {
case 1: /* xiph lacing */
@@ -1866,11 +1866,9 @@ static int demux_mkv_read_block_lacing(uint8_t *buffer, uint64_t *size,
}
break;
}
- *all_lace_sizes = lace_size;
return 0;
error:
- free(lace_size);
mp_msg(MSGT_DEMUX, MSGL_ERR, "[mkv] Bad input [lacing]\n");
return 1;
}
@@ -2090,7 +2088,7 @@ static int read_block(demuxer_t *demuxer, struct block_info *block)
free_block(block);
block->length = ebml_read_length(s, NULL);
- if (block->length > 500000000)
+ if (block->length < 6 || block->length > 500000000)
goto exit;
block->data = block->alloc = malloc(block->length + AV_LZO_INPUT_PADDING);
demuxer->filepos = stream_tell(s);
@@ -2131,7 +2129,6 @@ static int handle_block(demuxer_t *demuxer, struct block_info *block_info)
mkv_demuxer_t *mkv_d = (mkv_demuxer_t *) demuxer->priv;
demux_stream_t *ds = NULL;
uint64_t old_length;
- uint32_t *lace_size;
uint8_t laces;
int i, use_this_block = 1;
double current_pts;
@@ -2141,9 +2138,10 @@ static int handle_block(demuxer_t *demuxer, struct block_info *block_info)
uint64_t block_duration = block_info->duration;
uint64_t tc = block_info->timecode;
mkv_track_t *track = block_info->track;
+ uint32_t lace_size[MAX_NUM_LACES];
old_length = length;
- if (demux_mkv_read_block_lacing(block, &length, &laces, &lace_size))
+ if (demux_mkv_read_block_lacing(block, &length, &laces, lace_size))
return 0;
block += old_length - length;
@@ -2235,11 +2233,9 @@ static int handle_block(demuxer_t *demuxer, struct block_info *block_info)
} else if (ds == demuxer->audio)
mkv_d->a_skip_to_keyframe = 0;
- free(lace_size);
return 1;
}
- free(lace_size);
return 0;
}