virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avcodec/htmlsubtitles: Check for string truncation and return error

Browse Source 
Fixes out of array access
Fixes: 1354/clusterfuzz-testcase-minimized-5520132195483648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2017-05-06 01:42:53 +02:00
parent aaeec1c654
commit f4ae3cce64
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/htmlsubtitles.c
View File

@ -46,11 +46,12 @@ typedef struct SrtStack {
static void rstrip_spaces_buf(AVBPrint *buf)
{
if (av_bprint_is_complete(buf))
while (buf->len > 0 && buf->str[buf->len - 1] == ' ')
buf->str[--buf->len] = 0;
}
void ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in)
int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in)
{
char *param, buffer[128], tmp[128];
int len, tag_close, sptr = 1, line_start = 1, an = 0, end = 0;
@ -171,8 +172,13 @@ void ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in)
line_start = 0;
}
if (!av_bprint_is_complete(dst))
return AVERROR(ENOMEM);
while (dst->len >= 2 && !strncmp(&dst->str[dst->len - 2], "\\N", 2))
dst->len -= 2;
dst->str[dst->len] = 0;
rstrip_spaces_buf(dst);
return 0;
}

2
libavcodec/htmlsubtitles.h
View File

@ -23,6 +23,6 @@
#include "libavutil/bprint.h"
void ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in);
int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in);
#endif /* AVCODEC_HTMLSUBTITLES_H */