[FFmpeg-cvslog] mov: Fix handling of zero-length metadata values

Martin Storsjö git at videolan.org
Tue Dec 16 02:44:09 CET 2014


ffmpeg | branch: master | Martin Storsjö <martin at martin.st> | Mon Dec 15 12:09:10 2014 +0200| [6f4364aba9d70dc5fd9f1c88b9c03bf9ea893d40] | committer: Martin Storsjö

mov: Fix handling of zero-length metadata values

Since 3cec81f4d4, a zero-length metadata value would try to
allocate 2*0 bytes, where av_malloc() returns NULL.

Always add one to the allocated length, to allow space for
a null terminator in the zero-length case.

Incidentally, this fixes fate-alac on RVCT 4.0, where a compiler
bug seems to mess up the mov muxer to the point that it writes
the wrong sort of metadata. Previously this bug was undetected,
but since 3cec81f4d4 such mov files started returning
AVERROR(ENOMEM) in the mov demuxer.

Signed-off-by: Martin Storsjö <martin at martin.st>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f4364aba9d70dc5fd9f1c88b9c03bf9ea893d40
---

 libavformat/mov.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index a64ff4f..4590a2d 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -383,7 +383,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return AVERROR_INVALIDDATA;
 
     // allocate twice as much as worst-case
-    str_size_alloc = raw ? str_size + 1 : str_size * 2;
+    str_size_alloc = (raw ? str_size : str_size * 2) + 1;
     str = av_malloc(str_size_alloc);
     if (!str)
         return AVERROR(ENOMEM);
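
Review bot: The comment above the changed line, "// allocate twice as much as worst-case", no longer matches the expression on the `str_size_alloc` line. The size is now `str_size` or `str_size * 2` plus one extra byte, and the commit message says that byte is reserved for the null terminator. Please update the comment to say so, since the `+ 1` is what keeps the zero-length case from requesting 0 bytes and hitting the `if (!str)` path with AVERROR(ENOMEM). Separately, the hunk does not show the type of `str_size` or the condition behind the `return AVERROR_INVALIDDATA;` context line, so it is worth confirming that the earlier check bounds `str_size` tightly enough that `str_size * 2 + 1` cannot wrap before it reaches av_malloc().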


