Avoid invalid memory access: Overwriting m_unparsed_buffer before copying data from the cursor is bad. The old m_unparsed_buffer is still used in the cursor. Therefore the copy might read from just freed memory.

Moritz Bunkus 2008-09-24 18:59:14 +00:00
parent 5927a6c1f5
commit 5ba32985fb
2 changed files with 6 additions and 4 deletions


@ -275,8 +275,9 @@ dirac::es_parser_c::add_bytes(unsigned char *buffer,
int new_size = cursor.get_size() - previous_pos; int new_size = cursor.get_size() - previous_pos;
if (0 != new_size) { if (0 != new_size) {
m_unparsed_buffer = memory_c::alloc(new_size); memory_cptr new_unparsed_buffer = memory_c::alloc(new_size);
cursor.copy(m_unparsed_buffer->get(), previous_pos, new_size); cursor.copy(new_unparsed_buffer->get(), previous_pos, new_size);
m_unparsed_buffer = new_unparsed_buffer;
} else } else
m_unparsed_buffer = memory_cptr(NULL); m_unparsed_buffer = memory_cptr(NULL);
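Review bot: The guard `if (0 != new_size)` also lets a negative `new_size` through, both in this dirac hunk and in the identical vc1::es_parser_c::add_bytes hunk. `new_size` is a signed `int` computed as `cursor.get_size() - previous_pos`, and the hunk does not show whether `previous_pos` can ever exceed the cursor size. If it can, a negative value would reach `memory_c::alloc(new_size)` and `cursor.copy(...)` as a length. Since this commit already hardens the path against invalid memory access, I would tighten the test to `if (0 < new_size) {` so that any non-positive size falls into the else branch that resets the buffer. The body of add_bytes starts and ends outside the hunk, so the invariant may already be enforced earlier.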


@ -334,8 +334,9 @@ vc1::es_parser_c::add_bytes(unsigned char *buffer,
int new_size = cursor.get_size() - previous_pos; int new_size = cursor.get_size() - previous_pos;
if (0 != new_size) { if (0 != new_size) {
m_unparsed_buffer = memory_c::alloc(new_size); memory_cptr new_unparsed_buffer = memory_c::alloc(new_size);
cursor.copy(m_unparsed_buffer->get(), previous_pos, new_size); cursor.copy(new_unparsed_buffer->get(), previous_pos, new_size);
m_unparsed_buffer = new_unparsed_buffer;
} else } else
m_unparsed_buffer = memory_cptr(NULL); m_unparsed_buffer = memory_cptr(NULL);
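Review bot: The temporary `new_unparsed_buffer` is load-bearing, but nothing in the code says why, so a later cleanup could fold it back into a direct assignment and reintroduce the read from freed memory. This applies here and to the same lines in the dirac hunk. I would add a comment above the allocation, e.g. `// cursor still reads from the old m_unparsed_buffer: copy into a fresh buffer first, replace the member only afterwards`. The same three lines now exist in both parsers, so a shared helper would keep the ordering in one place. add_bytes continues outside the hunk, so I cannot tell whether such a helper already exists.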