[FFmpeg-devel] [PATCH]lavf/mov: Fix an out-of-bound-read in mov_read_mac_string().
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Tue Nov 15 00:26:15 EET 2016
On 14.11.2016 14:56, Carl Eugen Hoyos wrote:
> I believe attached patch fixes an out-of-bound-read in mov_read_mac_string()
> if p<end is false and if the read character is < 0x80, see bug 989.
>
> Please comment, Carl Eugen
This patch is not necessary, the issue was fixed with commit 437f5daf0.
If (p < end) is false, the 'else if (p < end)' branch will not be entered.
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -160,7 +160,7 @@ static int mov_read_mac_string(MOVContext *c, AVIOContext *pb, int len,
> uint8_t t, c = avio_r8(pb);
However, reusing the variable name of the MOVContext as uint8_t looks strange.
> if (c < 0x80 && p < end)
> *p++ = c;
> - else if (p < end)
> + else if (c >= 0x80 && p < end)
> PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);
> }
> *p = 0;
> -- 1.7.10.4
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list