mpeg12dec: reset data size after parsing extradata.

This ended up corrupting data structures and may possibly
lead to a double free.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c
index ea19b819cc115bb0c880441d9919ecd55e7d8387..b66d535e28156be53ebab996a13793d2006c773e 100644 (file)
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -2289,6 +2289,7 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
 
     if (avctx->extradata && !avctx->frame_number) {
         int ret = decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
+        *data_size = 0;
         if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE))
             return ret;
     }