[FFmpeg-devel] [PATCH 8/8] avformat/assenc: do not overread if zero padding is missing
Marton Balint
cus at passwd.hu
Sat Mar 13 23:33:45 EET 2021
Signed-off-by: Marton Balint <cus at passwd.hu>
---
libavformat/assenc.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/libavformat/assenc.c b/libavformat/assenc.c
index 68c3396e5a..265b5996ac 100644
--- a/libavformat/assenc.c
+++ b/libavformat/assenc.c
@@ -156,16 +156,23 @@ static int write_packet(AVFormatContext *s, AVPacket *pkt)
ASSContext *ass = s->priv_data;
long int layer;
- char *p = pkt->data;
+ char *dup = av_strndup(pkt->data, pkt->size);
+ char *p = dup;
int64_t start = pkt->pts;
int64_t end = start + pkt->duration;
int hh1, mm1, ss1, ms1;
int hh2, mm2, ss2, ms2;
- DialogueLine *dialogue = av_mallocz(sizeof(*dialogue));
+ DialogueLine *dialogue;
- if (!dialogue)
+ if (!dup)
return AVERROR(ENOMEM);
+ dialogue = av_mallocz(sizeof(*dialogue));
+ if (!dialogue) {
+ av_free(dup);
+ return AVERROR(ENOMEM);
+ }
+
dialogue->readorder = strtol(p, &p, 10);
if (dialogue->readorder < ass->expected_readorder)
av_log(s, AV_LOG_WARNING, "Unexpected ReadOrder %d\n",
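Review bot: The new `if (!dup)` check reports every NULL from `av_strndup()` as `AVERROR(ENOMEM)`, but libavutil's `av_strndup()` also returns NULL when its source pointer is NULL, so a packet without data would be misreported as an allocation failure. `pkt->size` is an `int` that is converted to `size_t` at the call, so a negative size would become a huge bound and defeat the overread protection this patch adds. Whether write_packet can actually receive such a packet is not visible here, so treat this as hardening: a guard before the copy such as `if (!pkt->data || pkt->size < 0) return AVERROR_INVALIDDATA;` (or whatever the muxer prefers for an empty packet) keeps the two cases apart. A short comment on the `av_strndup` line, for example `/* NUL-terminated copy: parsing below must not rely on the packet's zero padding */`, would record why the copy exists. The body of write_packet continues outside this hunk.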
@@ -189,6 +196,8 @@ static int write_packet(AVFormatContext *s, AVPacket *pkt)
dialogue->line = av_asprintf("%s%ld,%d:%02d:%02d.%02d,%d:%02d:%02d.%02d,%s",
ass->ssa_mode ? "Marked=" : "",
layer, hh1, mm1, ss1, ms1, hh2, mm2, ss2, ms2, p);
+ av_free(dup);
+
if (!dialogue->line) {
av_free(dialogue);
return AVERROR(ENOMEM);
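Review bot: `p` still points into `dup` when `av_asprintf()` reads it through the trailing `%s`, so the `av_free(dup)` added here is safe only because it comes after that call. A comment such as `/* p aliases dup: free only after the line has been formatted */` would keep a later reordering from turning this into a use-after-free. The lines between the two hunks are not visible, so I cannot confirm that no early return sits between the allocation and this free; if one exists, it needs its own `av_free(dup)`.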
--
2.26.2