diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-12-21 12:52:23 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-12-29 14:06:47 +0100 |
| commit | 1acd029f40de1a0d3ca292cbbe06ea5a173a84ae (patch) | |
| tree | e8e12c01911b1c3310122ae29f360c5fde99f52f /libavformat/wc3movie.c | |
| parent | 8a0d446ad618ff89e2e212beb7e6ebee125a85a4 (diff) | |
| download | ffmpeg-streaming-1acd029f40de1a0d3ca292cbbe06ea5a173a84ae.zip ffmpeg-streaming-1acd029f40de1a0d3ca292cbbe06ea5a173a84ae.tar.gz | |
avformat/wc3movie: Check strings before printing.
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f7812ca062f_2812_SC_32_part.MVE
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat/wc3movie.c')
| -rw-r--r-- | libavformat/wc3movie.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c index 657380a..408c050 100644 --- a/libavformat/wc3movie.c +++ b/libavformat/wc3movie.c @@ -27,6 +27,7 @@ * http://www.pcisys.net/~melanson/codecs/ */ +#include "libavutil/avstring.h" #include "libavutil/channel_layout.h" #include "libavutil/intreadwrite.h" #include "libavutil/dict.h" @@ -249,10 +250,16 @@ static int wc3_read_packet(AVFormatContext *s, else { int i = 0; av_log (s, AV_LOG_DEBUG, "Subtitle time!\n"); + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1) + return AVERROR_INVALIDDATA; av_log (s, AV_LOG_DEBUG, " inglish: %s\n", &text[i + 1]); i += text[i] + 1; + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1) + return AVERROR_INVALIDDATA; av_log (s, AV_LOG_DEBUG, " doytsch: %s\n", &text[i + 1]); i += text[i] + 1; + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1) + return AVERROR_INVALIDDATA; av_log (s, AV_LOG_DEBUG, " fronsay: %s\n", &text[i + 1]); } #endif |
