From c379950ce08932dec839f18926183c7b05b57d00 Mon Sep 17 00:00:00 2001 From: wm4 Date: Thu, 13 Jun 2019 18:27:51 +0200 Subject: [PATCH] codec_tags: fix wrong buffer size Obvious mistake. This reported 44 bytes more data than what was available. Could cause out of bounds reads. Security researchers would claim a major victory if they found something like this in more popular software, and would create a website for it. --- demux/codec_tags.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demux/codec_tags.c b/demux/codec_tags.c index d111c39ae3..ea6c8fe19d 100644 --- a/demux/codec_tags.c +++ b/demux/codec_tags.c @@ -75,7 +75,7 @@ static void map_audio_pcm_tag(struct mp_codec_params *c) // Compressed formats might use this. c->extradata += 22; - c->extradata_size += 22; + c->extradata_size -= 22; } int bits = c->bits_per_coded_sample;