[FFmpeg-devel] [PATCH 2/2] avformat/wc3movie: Check strings before printing.
Stefano Sabatini
stefasab at gmail.com
Sun Dec 22 22:15:23 CET 2013
On date Saturday 2013-12-21 17:18:43 +0100, Michael Niedermayer encoded:
> Fixes use of uninitialized memory
> Fixes: msan_uninit-mem_7f7812ca062f_2812_SC_32_part.MVE
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> ---
> libavformat/wc3movie.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c
> index 657380a..408c050 100644
> --- a/libavformat/wc3movie.c
> +++ b/libavformat/wc3movie.c
> @@ -27,6 +27,7 @@
> * http://www.pcisys.net/~melanson/codecs/
> */
>
> +#include "libavutil/avstring.h"
> #include "libavutil/channel_layout.h"
> #include "libavutil/intreadwrite.h"
> #include "libavutil/dict.h"
> @@ -249,10 +250,16 @@ static int wc3_read_packet(AVFormatContext *s,
> else {
> int i = 0;
> av_log (s, AV_LOG_DEBUG, "Subtitle time!\n");
> + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> + return AVERROR_INVALIDDATA;
> av_log (s, AV_LOG_DEBUG, " inglish: %s\n", &text[i + 1]);
> i += text[i] + 1;
> + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> + return AVERROR_INVALIDDATA;
> av_log (s, AV_LOG_DEBUG, " doytsch: %s\n", &text[i + 1]);
> i += text[i] + 1;
> + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> + return AVERROR_INVALIDDATA;
> av_log (s, AV_LOG_DEBUG, " fronsay: %s\n", &text[i + 1]);
> }
It could be probably factorized/macrotized and some error feedback
added, but LGTM.
--
FFmpeg = Fiendish Formidable Magic Prodigious Exxagerate Gangster
More information about the ffmpeg-devel
mailing list