[FFmpeg-devel] [PATCH 5/8] avcodec/subviewerdec: do not overread if zero padding is missing
Marton Balint
cus at passwd.hu
Sat Mar 13 23:33:42 EET 2021
Signed-off-by: Marton Balint <cus at passwd.hu>
---
libavcodec/subviewerdec.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/subviewerdec.c b/libavcodec/subviewerdec.c
index 805c7dd547..1016ac7ada 100644
--- a/libavcodec/subviewerdec.c
+++ b/libavcodec/subviewerdec.c
@@ -28,10 +28,10 @@
#include "ass.h"
#include "libavutil/bprint.h"
-static int subviewer_event_to_ass(AVBPrint *buf, const char *p)
+static int subviewer_event_to_ass(AVBPrint *buf, const char *p, const char *pend)
{
- while (*p) {
- if (!strncmp(p, "[br]", 4)) {
+ while (p < pend && *p) {
+ if (pend - p >= 4 && !strncmp(p, "[br]", 4)) {
av_bprintf(buf, "\\N");
p += 4;
} else {
@@ -56,7 +56,7 @@ static int subviewer_decode_frame(AVCodecContext *avctx,
AVBPrint buf;
av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
- if (ptr && avpkt->size > 0 && !subviewer_event_to_ass(&buf, ptr))
+ if (ptr && avpkt->size > 0 && !subviewer_event_to_ass(&buf, ptr, ptr + avpkt->size))
ret = ff_ass_add_rect(sub, buf.str, s->readorder++, 0, NULL, NULL);
av_bprint_finalize(&buf, NULL);
if (ret < 0)
--
2.26.2
More information about the ffmpeg-devel
mailing list