matroskademux: Initialize track context out parameter to NULL before parsing

Various error return paths don't set it to NULL and callers are only
checking if the pointer is NULL. As it's allocated on the stack this
usually contains random stack memory, and more often than not the memory
of a previously parsed track.

This then causes all kinds of memory corruptions further down the line.

Thanks to Natalie Silvanovich for reporting.

Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues/858

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/902>

diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
index d7b6f7edcbaa6756d55cc2bfeaf2d1bdf4628e16..e878e0d669478ce02c58c7c2c293fa25b3f5fadf 100644 (file)
--- a/gst/matroska/matroska-demux.c
+++ b/gst/matroska/matroska-demux.c
@@ -694,6 +694,8 @@ gst_matroska_demux_parse_stream (GstMatroskaDemux * demux, GstEbmlRead * ebml,
 
   DEBUG_ELEMENT_START (demux, ebml, "TrackEntry");
 
+  *dest_context = NULL;
+
   /* start with the master */
   if ((ret = gst_ebml_read_master (ebml, &id)) != GST_FLOW_OK) {
     DEBUG_ELEMENT_STOP (demux, ebml, "TrackEntry", ret);