[FFmpeg-cvslog] movtextenc: fix pointer messup and out of array accesses
Michael Niedermayer
git at videolan.org
Wed Feb 6 00:21:14 CET 2013
ffmpeg | branch: release/1.0 | Michael Niedermayer <michaelni at gmx.at> | Tue Feb 5 21:54:02 2013 +0100| [0c2a350762c398051797638a42ea07ce4baac80d] | committer: Carl Eugen Hoyos
movtextenc: fix pointer messup and out of array accesses
Fixes Ticket2213
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit b0635e2fcf80717dd618ef75d3317d62ed85c300)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0c2a350762c398051797638a42ea07ce4baac80d
---
libavcodec/movtextenc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c
index 7f1b5b8..9b0a6c5 100644
--- a/libavcodec/movtextenc.c
+++ b/libavcodec/movtextenc.c
@@ -21,6 +21,7 @@
#include <stdarg.h>
#include "avcodec.h"
+#include "libavutil/avassert.h"
#include "libavutil/avstring.h"
#include "libavutil/intreadwrite.h"
#include "ass_split.h"
@@ -87,15 +88,18 @@ static av_cold int mov_text_encode_init(AVCodecContext *avctx)
static void mov_text_text_cb(void *priv, const char *text, int len)
{
MovTextContext *s = priv;
+ av_assert0(s->end >= s->ptr);
av_strlcpy(s->ptr, text, FFMIN(s->end - s->ptr, len + 1));
- s->ptr += len;
+ s->ptr += FFMIN(s->end - s->ptr, len);
}
static void mov_text_new_line_cb(void *priv, int forced)
{
MovTextContext *s = priv;
+ av_assert0(s->end >= s->ptr);
av_strlcpy(s->ptr, "\n", FFMIN(s->end - s->ptr, 2));
- s->ptr++;
+ if (s->end > s->ptr)
+ s->ptr++;
}
static const ASSCodesCallbacks mov_text_callbacks = {
More information about the ffmpeg-cvslog
mailing list