mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
lavf/mov.c: Allocate buffer in case of long metadata entries.
Fixes ticket #4018 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
04a4fb81b3
commit
f31445a82d
@ -262,10 +262,11 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
#ifdef MOV_EXPORT_ALL_METADATA
|
||||
char tmp_key[5];
|
||||
#endif
|
||||
char str[1024], key2[16], language[4] = {0};
|
||||
char key2[16], language[4] = {0};
|
||||
char *str = NULL;
|
||||
const char *key = NULL;
|
||||
uint16_t langcode = 0;
|
||||
uint32_t data_type = 0, str_size;
|
||||
uint32_t data_type = 0, str_size, str_size_alloc;
|
||||
int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
|
||||
|
||||
switch (atom.type) {
|
||||
@ -354,18 +355,21 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
}
|
||||
#endif
|
||||
|
||||
str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input
|
||||
str = av_malloc(str_size_alloc);
|
||||
if (!str)
|
||||
return AVERROR(ENOMEM);
|
||||
|
||||
if (!key)
|
||||
return 0;
|
||||
if (atom.size < 0)
|
||||
return AVERROR_INVALIDDATA;
|
||||
|
||||
str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);
|
||||
|
||||
if (parse)
|
||||
parse(c, pb, str_size, key);
|
||||
else {
|
||||
if (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff))) { // MAC Encoded
|
||||
mov_read_mac_string(c, pb, str_size, str, sizeof(str));
|
||||
mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
|
||||
} else {
|
||||
int ret = avio_read(pb, str, str_size);
|
||||
if (ret != str_size)
|
||||
@ -381,7 +385,9 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
}
|
||||
av_dlog(c->fc, "lang \"%3s\" ", language);
|
||||
av_dlog(c->fc, "tag \"%s\" value \"%s\" atom \"%.4s\" %d %"PRId64"\n",
|
||||
key, str, (char*)&atom.type, str_size, atom.size);
|
||||
key, str, (char*)&atom.type, str_size_alloc, atom.size);
|
||||
|
||||
av_freep(&str);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user