[FFmpeg-devel] [PATCH 2/2] avformat/wc3movie: Check strings before printing.
Michael Niedermayer
michaelni at gmx.at
Sun Dec 29 16:32:59 CET 2013
On Sun, Dec 22, 2013 at 10:15:23PM +0100, Stefano Sabatini wrote:
> On date Saturday 2013-12-21 17:18:43 +0100, Michael Niedermayer encoded:
> > Fixes use of uninitialized memory
> > Fixes: msan_uninit-mem_7f7812ca062f_2812_SC_32_part.MVE
> > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> > Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> > ---
> > libavformat/wc3movie.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c
> > index 657380a..408c050 100644
> > --- a/libavformat/wc3movie.c
> > +++ b/libavformat/wc3movie.c
> > @@ -27,6 +27,7 @@
> > * http://www.pcisys.net/~melanson/codecs/
> > */
> >
> > +#include "libavutil/avstring.h"
> > #include "libavutil/channel_layout.h"
> > #include "libavutil/intreadwrite.h"
> > #include "libavutil/dict.h"
> > @@ -249,10 +250,16 @@ static int wc3_read_packet(AVFormatContext *s,
> > else {
> > int i = 0;
> > av_log (s, AV_LOG_DEBUG, "Subtitle time!\n");
> > + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> > + return AVERROR_INVALIDDATA;
> > av_log (s, AV_LOG_DEBUG, " inglish: %s\n", &text[i + 1]);
> > i += text[i] + 1;
> > + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> > + return AVERROR_INVALIDDATA;
> > av_log (s, AV_LOG_DEBUG, " doytsch: %s\n", &text[i + 1]);
> > i += text[i] + 1;
> > + if (i >= size || av_strnlen(&text[i + 1], size - i - 1) >= size - i - 1)
> > + return AVERROR_INVALIDDATA;
> > av_log (s, AV_LOG_DEBUG, " fronsay: %s\n", &text[i + 1]);
> > }
>
> It could be probably factorized/macrotized and some error feedback
> added,
its just debug code, so iam not sure if prettyfying this makes sense
but if someone wants to factorize it, sure why not
> but LGTM.
applied
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Democracy is the form of government in which you can choose your dictator
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20131229/0460c3d0/attachment.asc>
More information about the ffmpeg-devel
mailing list