[FFmpeg-cvslog] mov: fix a possible invalid read in mov_read_mac_string()
    Anton Khirnov 
    git at videolan.org
       
    Sat Apr 29 13:51:38 EEST 2017
    
    
  
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Sat Dec 17 14:17:20 2016 +0100| [46191a2da16f751e53d93646ae1388d421d12bee] | committer: Anton Khirnov
mov: fix a possible invalid read in mov_read_mac_string()
When the input string is too large, so the second condition in if ()
fails, the code will erroneously execute the else branch, indexing the
mac_to_unicode table with a negative index.
CC: libav-stable at libav.org
Bug-Id: 1000
Found-By: Kamil Frankowicz
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46191a2da16f751e53d93646ae1388d421d12bee
---
 libavformat/mov.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 7fe639dd5e..ed10a15625 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -161,7 +161,11 @@ static int mov_read_mac_string(MOVContext *c, AVIOContext *pb, int len,
 
     for (i = 0; i < len; i++) {
         uint8_t t, c = avio_r8(pb);
-        if (c < 0x80 && p < end)
+
+        if (p >= end)
+            continue;
+
+        if (c < 0x80)
             *p++ = c;
         else
             PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);
    
    
More information about the ffmpeg-cvslog
mailing list