If a read fails, the current code will free the data but leave the size
non-zero. Make sure the size is zeroed in such a case.
CC: libav-stable@libav.org
Bug-Id: 1001
Found-By: Kamil Frankowicz
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
static int ebml_read_binary(AVIOContext *pb, int length, EbmlBin *bin)
{
av_free(bin->data);
+ bin->size = 0;
+
if (!(bin->data = av_mallocz(length + AV_INPUT_BUFFER_PADDING_SIZE)))
return AVERROR(ENOMEM);
- bin->size = length;
bin->pos = avio_tell(pb);
if (avio_read(pb, bin->data, length) != length) {
av_freep(&bin->data);
return AVERROR(EIO);
}
+ bin->size = length;
+
return 0;
}