[FFmpeg-cvslog] Merge commit '46191a2da16f751e53d93646ae1388d421d12bee'

[Clément Bœsch]

ffmpeg | branch: master | Clément Bœsch <u at pkh.me> | Sat Apr 29 12:46:48 2017 +0200| [e166fe2e1f0ae175a6b7f1f4b137c1366fd7f633] | committer: Clément Bœsch

Merge commit '46191a2da16f751e53d93646ae1388d421d12bee'

* commit '46191a2da16f751e53d93646ae1388d421d12bee':
  mov: fix a possible invalid read in mov_read_mac_string()

Merged-by: Clément Bœsch <u at pkh.me>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e166fe2e1f0ae175a6b7f1f4b137c1366fd7f633
---

 libavformat/mov.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 03fd90e3d3..afef53b79a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -162,7 +162,11 @@ static int mov_read_mac_string(MOVContext *c, AVIOContext *pb, int len,
 
     for (i = 0; i < len; i++) {
         uint8_t t, c = avio_r8(pb);
-        if (c < 0x80 && p < end)
+
+        if (p >= end)
+            continue;
+
+        if (c < 0x80)
             *p++ = c;
         else if (p < end)
             PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);


======================================================================

diff --cc libavformat/mov.c
index 03fd90e3d3,ed10a15625..afef53b79a
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@@ -162,9 -161,13 +162,13 @@@ static int mov_read_mac_string(MOVConte
  
      for (i = 0; i < len; i++) {
          uint8_t t, c = avio_r8(pb);
-         if (c < 0x80 && p < end)
+ 
+         if (p >= end)
+             continue;
+ 
+         if (c < 0x80)
              *p++ = c;
 -        else
 +        else if (p < end)
              PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);
      }
      *p = 0;