[FFmpeg-devel] [PATCH 1/2] avcodec/movtextenc: Check for too many styles
Guo, Yejun
yejun.guo at intel.com
Sun Feb 21 06:08:00 EET 2021
> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces at ffmpeg.org> On Behalf Of
> Andreas Rheinhardt
> Sent: 2021年2月21日 9:41
> To: ffmpeg-devel at ffmpeg.org
> Cc: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> Subject: [FFmpeg-devel] [PATCH 1/2] avcodec/movtextenc: Check for too many
> styles
>
> The counter for the number of styles is written on two bytes, ergo anything >
> UINT16_MAX is invalid. This also fixes a compiler warning because of a
> tautologically true check on 64bit systems.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
> A better solution would be to error out as soon as the byte length of a subtitle
> exceeds UINT16_MAX; yet for this one would have to modify all of ass_split to
> allow the callbacks to return errors.
>
> libavcodec/movtextenc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c index
> 1bef21e0b9..cf30adbd0a 100644
> --- a/libavcodec/movtextenc.c
> +++ b/libavcodec/movtextenc.c
> @@ -355,7 +355,7 @@ static int mov_text_style_start(MovTextContext *s)
> StyleBox *tmp;
>
> // last style != defaults, end the style entry and start a new one
> - if (s->count + 1 > SIZE_MAX / sizeof(*s->style_attributes) ||
> + if (s->count + 1 > FFMIN(SIZE_MAX /
> + sizeof(*s->style_attributes), UINT16_MAX) ||
hi, logically, I think the result of FFMIN(SIZE_MAX / sizeof(*s->style_attributes), UINT16_MAX) is always UINT16_MAX, we may just use 's->count + 1 > UINT16_MAX'.
> !(tmp = av_fast_realloc(s->style_attributes,
>
> &s->style_attributes_bytes_allocated,
> (s->count + 1) *
> sizeof(*s->style_attributes)))) {
> --
> 2.27.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email ffmpeg-devel-request at ffmpeg.org
> with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list