[FFmpeg-cvslog] avformat/wc3movie: Check strings before printing.

Michael Niedermayer git at videolan.org
Sun Dec 29 16:50:27 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Dec 21 12:52:23 2013 +0100| [1acd029f40de1a0d3ca292cbbe06ea5a173a84ae] | committer: Michael Niedermayer

avformat/wc3movie: Check strings before printing.

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f7812ca062f_2812_SC_32_part.MVE
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1acd029f40de1a0d3ca292cbbe06ea5a173a84ae
---

 libavformat/wc3movie.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c
index 657380a..408c050 100644
--- a/libavformat/wc3movie.c
+++ b/libavformat/wc3movie.c
@@ -27,6 +27,7 @@
  *   http://www.pcisys.net/~melanson/codecs/
  */
 
+#include "libavutil/avstring.h"
 #include "libavutil/channel_layout.h"
 #include "libavutil/intreadwrite.h"
 #include "libavutil/dict.h"
@@ -249,10 +250,16 @@ static int wc3_read_packet(AVFormatContext *s,
             else {
                 int i = 0;
                 av_log (s, AV_LOG_DEBUG, "Subtitle time!\n");
+                if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
+                    return AVERROR_INVALIDDATA;
                 av_log (s, AV_LOG_DEBUG, "  inglish: %s\n", &text[i + 1]);
                 i += text[i] + 1;
+                if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
+                    return AVERROR_INVALIDDATA;
                 av_log (s, AV_LOG_DEBUG, "  doytsch: %s\n", &text[i + 1]);
                 i += text[i] + 1;
+                if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
+                    return AVERROR_INVALIDDATA;
                 av_log (s, AV_LOG_DEBUG, "  fronsay: %s\n", &text[i + 1]);
             }
 #endif
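Review bot: The three added guards only bound `i` from above, so the two `i += text[i] + 1;` steps between them rely on `text[i]` never being negative. The declaration of `text` is outside this hunk; if its element type is plain or signed `char`, a length byte of 0x80 or more moves `i` backwards or below zero, `i >= size` still passes, and `av_strnlen(&text[i + 1], size - i - 1)` then reads before the buffer. Adding `i < 0 ||` to the condition, or reading the length byte as `uint8_t`, would close that. The identical two-line check also appears three times; a small helper or a loop over the three language labels would keep the copies from drifting apart. Finally, the new `return AVERROR_INVALIDDATA;` sits in a block that ends at `#endif` and otherwise only logs at `AV_LOG_DEBUG`, so it is worth confirming that rejecting the packet here is intended for every build in which this branch is compiled, and that nothing acquired earlier in `wc3_read_packet` needs releasing before the early return.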


