From 30be1ea33e5525266ad871bed60b1893a53caeaf Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Fri, 15 Nov 2013 10:15:24 +0100
Subject: [PATCH] matroskadec: pad EBML_BIN data.

It might be passed to code requiring padding, such as lzo decompression.

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
---
 libavformat/matroskadec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index f798342..764dbf8 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -734,9 +734,11 @@ static int ebml_read_ascii(AVIOContext *pb, int size, char **str)
 static int ebml_read_binary(AVIOContext *pb, int length, EbmlBin *bin)
 {
     av_free(bin->data);
-    if (!(bin->data = av_malloc(length)))
+    if (!(bin->data = av_malloc(length + FF_INPUT_BUFFER_PADDING_SIZE)))
         return AVERROR(ENOMEM);
 
+    memset(bin->data + length, 0, FF_INPUT_BUFFER_PADDING_SIZE);
+
     bin->size = length;
     bin->pos  = avio_tell(pb);
     if (avio_read(pb, bin->data, length) != length) {
-- 
2.7.4