From 2f89f24eb952337a60a03e0dd602c28107c1d87a Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Sat, 28 Sep 2019 19:54:25 +0200 Subject: avformat/matroskadec: Fix demuxing ProRes The structure of a ProRes frame in mov/mp4 is that of a typical atom: First a 32 bit BE size field, then a tag detailling the content. Said size field includes the eight bytes of the atom header. This header is actually redundant, as the size of the atom is already known from the containing atom. It is therefore stripped away when muxed into Matroska and so the Matroska demuxer has to recreate upon demuxing. But it did not account for the fact that the size field includes the size of the header and this can lead to problems when a decoder uses the in-band size field. Fixes ticket #8210. Signed-off-by: Andreas Rheinhardt Signed-off-by: James Almer (cherry picked from commit 581419ea39de6619c3389b8d10ac2cbe212c62a0) --- libavformat/matroskadec.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'libavformat/matroskadec.c') diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 8c4ff30935..1d3745ab4d 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -3280,15 +3280,16 @@ static int matroska_parse_prores(MatroskaTrack *track, uint8_t *src, int dstlen = *size; if (AV_RB32(&src[4]) != MKBETAG('i', 'c', 'p', 'f')) { - dst = av_malloc(dstlen + 8 + AV_INPUT_BUFFER_PADDING_SIZE); + dstlen += 8; + + dst = av_malloc(dstlen + AV_INPUT_BUFFER_PADDING_SIZE); if (!dst) return AVERROR(ENOMEM); AV_WB32(dst, dstlen); AV_WB32(dst + 4, MKBETAG('i', 'c', 'p', 'f')); - memcpy(dst + 8, src, dstlen); - memset(dst + 8 + dstlen, 0, AV_INPUT_BUFFER_PADDING_SIZE); - dstlen += 8; + memcpy(dst + 8, src, dstlen - 8); + memset(dst + dstlen, 0, AV_INPUT_BUFFER_PADDING_SIZE); } *pdst = dst; -- cgit v1.2.3