[FFmpeg-devel] [PATCH 1/2] avcodec/movtextenc: Check for too many styles

Philip Langdale philipl at overt.org
Tue Feb 23 19:42:36 EET 2021


On Tue, 23 Feb 2021 12:16:53 +0100
Andreas Rheinhardt <andreas.rheinhardt at gmail.com> wrote:

> Andreas Rheinhardt:
> > The counter for the number of styles is written on two bytes, ergo
> > anything > UINT16_MAX is invalid. This also fixes a compiler warning
> > because of a tautologically true check on 64bit systems.
> > 
> > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> > ---
> > A better solution would be to error out as soon as the byte length
> > of a subtitle exceeds UINT16_MAX; yet for this one would have to
> > modify all of ass_split to allow the callbacks to return errors.
> > 
> >  libavcodec/movtextenc.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c
> > index 1bef21e0b9..cf30adbd0a 100644
> > --- a/libavcodec/movtextenc.c
> > +++ b/libavcodec/movtextenc.c
> > @@ -355,7 +355,7 @@ static int mov_text_style_start(MovTextContext
> > *s) StyleBox *tmp;
> >  
> >          // last style != defaults, end the style entry and start a
> > new one
> > -        if (s->count + 1 > SIZE_MAX / sizeof(*s->style_attributes)
> > ||
> > +        if (s->count + 1 > FFMIN(SIZE_MAX /
> > sizeof(*s->style_attributes), UINT16_MAX) || !(tmp =
> > av_fast_realloc(s->style_attributes,
> > &s->style_attributes_bytes_allocated, (s->count + 1) *
> > sizeof(*s->style_attributes)))) { 
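
Review bot: the new UINT16_MAX term in the `s->count + 1 > FFMIN(SIZE_MAX / sizeof(*s->style_attributes), UINT16_MAX)` condition has no comment saying where the limit comes from, and the comment above the check still only describes ending and starting a style entry. The condition now combines two unrelated limits, the realloc size-overflow guard and the width of the on-disk style counter. A one-line comment that the count is written on two bytes would keep a later cleanup from dropping the UINT16_MAX term as redundant. The hunk ends at the opening brace, so it does not show what happens once the limit is hit; it is worth confirming that this path cannot leave a style box whose written count disagrees with the entries actually emitted.
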
> Will apply this patchset tomorrow unless there are objections.
> 

Looks fine. Thanks!

--phil

