[FFmpeg-cvslog] mov: Prevent illegal writes when chapter titles are very short.
Alex Converse
git at videolan.org
Fri Oct 14 22:40:35 CEST 2011
ffmpeg | branch: master | Alex Converse <alex.converse at gmail.com> | Thu Oct 13 14:47:06 2011 -0700| [8fb22c3d47ccb87d0ee235226a700d2b3ca97afb] | committer: Alex Converse
mov: Prevent illegal writes when chapter titles are very short.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8fb22c3d47ccb87d0ee235226a700d2b3ca97afb
---
libavformat/mov.c | 23 +++++++++++++++--------
1 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 0e2ad1f..06057a2 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2369,14 +2369,21 @@ static void mov_read_chapters(AVFormatContext *s)
// The samples could theoretically be in any encoding if there's an encd
// atom following, but in practice are only utf-8 or utf-16, distinguished
// instead by the presence of a BOM
- ch = avio_rb16(sc->pb);
- if (ch == 0xfeff)
- avio_get_str16be(sc->pb, len, title, title_len);
- else if (ch == 0xfffe)
- avio_get_str16le(sc->pb, len, title, title_len);
- else {
- AV_WB16(title, ch);
- avio_get_str(sc->pb, len - 2, title + 2, title_len - 2);
+ if (!len) {
+ title[0] = 0;
+ } else {
+ ch = avio_rb16(sc->pb);
+ if (ch == 0xfeff)
+ avio_get_str16be(sc->pb, len, title, title_len);
+ else if (ch == 0xfffe)
+ avio_get_str16le(sc->pb, len, title, title_len);
+ else {
+ AV_WB16(title, ch);
+ if (len == 1 || len == 2)
+ title[len] = '0';
+ else
+ avio_get_str(sc->pb, len - 2, title + 2, title_len - 2);
+ }
}
ff_new_chapter(s, i, st->time_base, sample->timestamp, end, title);
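Review bot: in the `len == 1 || len == 2` branch, `title[len] = '0';` stores the ASCII digit 0x30 instead of a NUL terminator, so for one- and two-byte samples the string handed to `ff_new_chapter` ends in a literal "0" and is only terminated if the bytes after it in `title` happen to be zero. This should be `title[len] = 0;` (or `'\0'`), matching `title[0] = 0;` in the `!len` branch. A second point on the same branch: when `len == 1`, `avio_rb16(sc->pb)` has already consumed two bytes from a one-byte sample before the length is checked. The extra byte is overwritten in `title`, but the read itself goes past the sample, so it would be cleaner to test `len < 2` before the 16-bit read and fetch a single byte in that case.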