From 138902dfb60fbb87fb65a8c4800f8ac661394b72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?=
Date: Sat, 4 Oct 2014 12:22:37 +0200
Subject: [PATCH] avformat/assdec: make sure pos is initialized
Fixes use of uninitialized memory
Fixes: signal_sigsegv_504fb0_10_signal_sigsegv_504fb0_343_mewmew_ssa.avi
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
---
 libavformat/assdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/assdec.c b/libavformat/assdec.c
index ba7bc8b787..87ce2f25ee 100644
--- a/libavformat/assdec.c
+++ b/libavformat/assdec.c
@@ -57,14 +57,14 @@ static int ass_read_close(AVFormatContext *s)
 static int read_dialogue(ASSContext *ass, AVBPrint *dst, const uint8_t *p, int64_t *start, int *duration) {
- int pos;
+ int pos = 0;
 int64_t end;
 int hh1, mm1, ss1, ms1;
 int hh2, mm2, ss2, ms2;
 if (sscanf(p, "Dialogue: %*[^,],%d:%d:%d%*c%d,%d:%d:%d%*c%d,%n", &hh1, &mm1, &ss1, &ms1,
- &hh2, &mm2, &ss2, &ms2, &pos) >= 8) {
+ &hh2, &mm2, &ss2, &ms2, &pos) >= 8 && pos > 0) {
 /* This is not part of the sscanf itself in order to handle an actual
 * number (which would be the Layer) or the form "Marked=N" (which is
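Review bot: The new `&& pos > 0` test in the `sscanf` condition of `read_dialogue` needs a comment, because the reason it is required is not visible in the code: `%n` does not count toward sscanf's return value, so a return of 8 only proves the eight integers were parsed, not that the trailing `,` matched and `pos` was stored. I would add `/* %n is not counted in the return value: pos stays 0 unless the final ',' matched */` above the `if`. The same fact means the result can never exceed 8 here, so `== 8` would state the intent more directly than `>= 8`. How `pos` is consumed afterwards lies outside the hunk (the function body continues past it), so the assumption that it is used as an offset into `p` should be confirmed against the full function.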