matroskadec: make sure not to leave EbmlBin in an inconsistent state

If a read fails, the current code will free the data but leave the size
non-zero. Make sure the size is zeroed in such a case.

CC: libav-stable@libav.org
Bug-Id: 1001
Found-By: Kamil Frankowicz
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index a3954b0c4e98dae2036f5b7fc2738373b4fed595..4e121b6afe3e2273b00a0458e34c9d4d04561f29 100644 (file)
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -750,16 +750,19 @@ static int ebml_read_ascii(AVIOContext *pb, int size, char **str)
 static int ebml_read_binary(AVIOContext *pb, int length, EbmlBin *bin)
 {
     av_free(bin->data);
+    bin->size = 0;
+
     if (!(bin->data = av_mallocz(length + AV_INPUT_BUFFER_PADDING_SIZE)))
         return AVERROR(ENOMEM);
 
-    bin->size = length;
     bin->pos  = avio_tell(pb);
     if (avio_read(pb, bin->data, length) != length) {
         av_freep(&bin->data);
         return AVERROR(EIO);
     }
 
+    bin->size = length;
+
     return 0;
 }