From 9026ec8aaf5fa19cb4fb266c16f608af0d863b2b Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Wed, 28 Dec 2016 13:15:14 +0100
Subject: [PATCH] matroskadec: make sure not to leave EbmlBin in an
 inconsistent state

If a read fails, the current code will free the data but leave the size
non-zero. Make sure the size is zeroed in such a case.

CC: libav-stable@libav.org
Bug-Id: 1001
Found-By: Kamil Frankowicz
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
---
 libavformat/matroskadec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index a3954b0c4e..4e121b6afe 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -750,16 +750,19 @@ static int ebml_read_ascii(AVIOContext *pb, int size, char **str)
 static int ebml_read_binary(AVIOContext *pb, int length, EbmlBin *bin)
 {
     av_free(bin->data);
+    bin->size = 0;
+
     if (!(bin->data = av_mallocz(length + AV_INPUT_BUFFER_PADDING_SIZE)))
         return AVERROR(ENOMEM);
 
-    bin->size = length;
     bin->pos  = avio_tell(pb);
     if (avio_read(pb, bin->data, length) != length) {
         av_freep(&bin->data);
         return AVERROR(EIO);
     }
 
+    bin->size = length;
+
     return 0;
 }