Fix overflow in STSD parser

Reset `sc->stsd_count` before parsing entries. This number doesn't get reset, which means that multiple parse passes can increment it past the `sc->extradata` array end and cause OOB writes.
2026-02-03 16:31:50 -08:00
parent 303fd126a8
commit a58cb16e27
1 changed files with 1 additions and 0 deletions
@@ -3258,6 +3258,7 @@ fail:
            av_freep(&sc->extradata[j]);
    }

+    sc->stsd_count = 0;
    av_freep(&sc->extradata);
    av_freep(&sc->extradata_size);
    return ret;