[FFmpeg-devel] [PATCH 2/2] avformat/wc3movie: Check strings before printing.

Michael Niedermayer michaelni at gmx.at
Sun Dec 29 16:32:59 CET 2013


On Sun, Dec 22, 2013 at 10:15:23PM +0100, Stefano Sabatini wrote:
> On date Saturday 2013-12-21 17:18:43 +0100, Michael Niedermayer encoded:
> > Fixes use of uninitialized memory
> > Fixes: msan_uninit-mem_7f7812ca062f_2812_SC_32_part.MVE
> > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> > Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> > ---
> >  libavformat/wc3movie.c |    7 +++++++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c
> > index 657380a..408c050 100644
> > --- a/libavformat/wc3movie.c
> > +++ b/libavformat/wc3movie.c
> > @@ -27,6 +27,7 @@
> >   *   http://www.pcisys.net/~melanson/codecs/
> >   */
> >  
> > +#include "libavutil/avstring.h"
> >  #include "libavutil/channel_layout.h"
> >  #include "libavutil/intreadwrite.h"
> >  #include "libavutil/dict.h"
> > @@ -249,10 +250,16 @@ static int wc3_read_packet(AVFormatContext *s,
> >              else {
> >                  int i = 0;
> >                  av_log (s, AV_LOG_DEBUG, "Subtitle time!\n");
> > +                if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> > +                    return AVERROR_INVALIDDATA;
> >                  av_log (s, AV_LOG_DEBUG, "  inglish: %s\n", &text[i + 1]);
> >                  i += text[i] + 1;
> > +                if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> > +                    return AVERROR_INVALIDDATA;
> >                  av_log (s, AV_LOG_DEBUG, "  doytsch: %s\n", &text[i + 1]);
> >                  i += text[i] + 1;
> > +                if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> > +                    return AVERROR_INVALIDDATA;
> >                  av_log (s, AV_LOG_DEBUG, "  fronsay: %s\n", &text[i + 1]);
> >              }
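
Review bot: The same bounds condition is written out three times in this hunk, once before each of the three av_log string prints; a small local helper or macro taking text, i and size would keep the three sites from drifting apart. The advance `i += text[i] + 1` between the checks depends on the element type of text, which is not visible in these lines: if it is plain char on a platform where char is signed, a length byte above 0x7f would move i backwards, and `i >= size` does not catch a negative i, so either add `i < 0 ||` to the condition or read the length byte as unsigned. The early `return AVERROR_INVALIDDATA` also comes with no av_log message, so a rejected file fails without any hint as to which subtitle string was unterminated.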
> 
> It could be probably factorized/macrotized and some error feedback
> added,

it's just debug code, so I am not sure if prettifying this makes sense
but if someone wants to factorize it, sure, why not


> but LGTM.

applied

thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Democracy is the form of government in which you can choose your dictator