[FFmpeg-cvslog] avcodec/assenc: fix potential overread.

Sun Sep 15 22:20:44 CEST 2013

ffmpeg | branch: release/2.0 | Clément Bœsch <u at pkh.me> | Sun Sep  8 18:23:44 2013 +0200| [0f429392cf412dc89909b216cfbf7f7e9fe72717] | committer: Alexander Strasser

avcodec/assenc: fix potential overread.

(cherry picked from commit 860a0810583f54ccbde912aebda8711f18eab8eb)

Signed-off-by: Alexander Strasser <eclipse7 at gmx.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f429392cf412dc89909b216cfbf7f7e9fe72717
---

 libavcodec/assenc.c |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/libavcodec/assenc.c b/libavcodec/assenc.c
index 7b8a540..5dc3b09 100644
--- a/libavcodec/assenc.c
+++ b/libavcodec/assenc.c
@@ -80,9 +80,16 @@ static int ass_encode_frame(AVCodecContext *avctx,
              * will be "Marked=N" instead of the layer num, so we will
              * have layer=0, which is fine. */
             layer = strtol(ass, &p, 10);
-            if (*p) p += strcspn(p, ",") + 1; // skip layer or marked
-            if (*p) p += strcspn(p, ",") + 1; // skip start timestamp
-            if (*p) p += strcspn(p, ",") + 1; // skip end timestamp
+
+#define SKIP_ENTRY(ptr) do {        \
+    char *sep = strchr(ptr, ',');   \
+    if (sep)                        \
+        ptr = sep + 1;              \
+} while (0)
+
+            SKIP_ENTRY(p); // skip layer or marked
+            SKIP_ENTRY(p); // skip start timestamp
+            SKIP_ENTRY(p); // skip end timestamp
             snprintf(ass_line, sizeof(ass_line), "%d,%ld,%s", ++s->id, layer, p);
             ass_line[strcspn(ass_line, "\r\n")] = 0;
             ass = ass_line;

