[FFmpeg-devel] [PATCH 1/2] avcodec/movtextenc: Check for too many styles
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Tue Feb 23 13:16:53 EET 2021
Andreas Rheinhardt:
> The counter for the number of styles is written on two bytes, ergo
> anything > UINT16_MAX is invalid. This also fixes a compiler warning
> because of a tautologically true check on 64bit systems.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
> A better solution would be to error out as soon as the byte length of a
> subtitle exceeds UINT16_MAX; yet for this one would have to modify all
> of ass_split to allow the callbacks to return errors.
>
> libavcodec/movtextenc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c
> index 1bef21e0b9..cf30adbd0a 100644
> --- a/libavcodec/movtextenc.c
> +++ b/libavcodec/movtextenc.c
> @@ -355,7 +355,7 @@ static int mov_text_style_start(MovTextContext *s)
> StyleBox *tmp;
>
> // last style != defaults, end the style entry and start a new one
> - if (s->count + 1 > SIZE_MAX / sizeof(*s->style_attributes) ||
> + if (s->count + 1 > FFMIN(SIZE_MAX / sizeof(*s->style_attributes), UINT16_MAX) ||
> !(tmp = av_fast_realloc(s->style_attributes,
> &s->style_attributes_bytes_allocated,
> (s->count + 1) * sizeof(*s->style_attributes)))) {
>
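Review bot: The new UINT16_MAX bound in the `s->count + 1 > FFMIN(...)` condition has no explanation at the site; the comment above it still only describes the style transition. A short comment saying that the style count is serialized as a two-byte field, so a count above UINT16_MAX cannot be represented, would keep a later cleanup from dropping the limit as arbitrary. Note also that on any target where SIZE_MAX / sizeof(*s->style_attributes) is at least UINT16_MAX the FFMIN always evaluates to UINT16_MAX, so the SIZE_MAX term only matters for a very small size_t; if it is kept deliberately as an overflow guard for the (s->count + 1) * sizeof(*s->style_attributes) multiplication below, the comment could say that as well.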
Will apply this patchset tomorrow unless there are objections.
- Andreas