matroskademux: Initialize track context out parameter to NULL before parsing

Various error return paths don't set it to NULL and callers are only
checking if the pointer is NULL. As it's allocated on the stack this
usually contains random stack memory, and more often than not the memory
of a previously parsed track.

This then causes all kinds of memory corruptions further down the line.

Thanks to Natalie Silvanovich for reporting.

Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues/858

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/902>

diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
index d7b6f7e..e878e0d 100644 (file)
--- a/gst/matroska/matroska-demux.c
+++ b/gst/matroska/matroska-demux.c
@@ -694,6 +694,8 @@ gst_matroska_demux_parse_stream (GstMatroskaDemux * demux, GstEbmlRead * ebml,
 
   DEBUG_ELEMENT_START (demux, ebml, "TrackEntry");
 
+  *dest_context = NULL;
+
   /* start with the master */
   if ((ret = gst_ebml_read_master (ebml, &id)) != GST_FLOW_OK) {
     DEBUG_ELEMENT_STOP (demux, ebml, "TrackEntry", ret);