matroskadec: Fix buffer overread in matroska_ebmlnum_uint Based on a Chromium patch Originally committed as revision 23168 to svn://svn.ffmpeg.org/ffmpeg/trunk

commit: 465c28b6b43be2563e0b644ec22cf641fe374d8d [log] [tgz]
author: David Conrad <[email protected]> Tue May 18 21:21:32 2010
committer: David Conrad <[email protected]> Tue May 18 21:21:32 2010
tree: 7acd2e84dc71033ad13c926bc0e85b3d04acd6f2
parent: d98bd80ed3ac2c7274654247daa7b821e2ed6478 [diff] [blame]
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 4d18d99..9126717 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c

@@ -679,7 +679,7 @@
 {
     ByteIOContext pb;
     init_put_byte(&pb, data, size, 0, NULL, NULL, NULL, NULL);
-    return ebml_read_num(matroska, &pb, 8, num);
+    return ebml_read_num(matroska, &pb, FFMIN(size, 8), num);
 }
 
 /*
commit	465c28b6b43be2563e0b644ec22cf641fe374d8d	[log] [tgz]
author	David Conrad <[email protected]>	Tue May 18 21:21:32 2010
committer	David Conrad <[email protected]>	Tue May 18 21:21:32 2010
tree	7acd2e84dc71033ad13c926bc0e85b3d04acd6f2
parent	d98bd80ed3ac2c7274654247daa7b821e2ed6478 [diff] [blame]