[FFmpeg-cvslog] mov: Fix handling of zero-length metadata values
Martin Storsjö
git at videolan.org
Tue Dec 16 02:44:09 CET 2014
ffmpeg | branch: master | Martin Storsjö <martin at martin.st> | Mon Dec 15 12:09:10 2014 +0200| [6f4364aba9d70dc5fd9f1c88b9c03bf9ea893d40] | committer: Martin Storsjö
mov: Fix handling of zero-length metadata values
Since 3cec81f4d4, a zero-length metadata value would try to
allocate 2*0 bytes, where av_malloc() returns NULL.
Always add one to the allocated length, to allow space for
a null terminator in the zero-length case.
Incidentally, this fixes fate-alac on RVCT 4.0, where a compiler
bug seems to mess up the mov muxer to the point that it writes
the wrong sort of metadata. Previously this bug was undetected,
but since 3cec81f4d4 such mov files started returning
AVERROR(ENOMEM) in the mov demuxer.
Signed-off-by: Martin Storsjö <martin at martin.st>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f4364aba9d70dc5fd9f1c88b9c03bf9ea893d40
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index a64ff4f..4590a2d 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -383,7 +383,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return AVERROR_INVALIDDATA;
// allocate twice as much as worst-case
- str_size_alloc = raw ? str_size + 1 : str_size * 2;
+ str_size_alloc = (raw ? str_size : str_size * 2) + 1;
str = av_malloc(str_size_alloc);
if (!str)
return AVERROR(ENOMEM);
More information about the ffmpeg-cvslog
mailing list