[FFmpeg-devel] [PATCH 3/8] avcodec/mpl2dec: do not overread if zero padding is missing
Marton Balint
cus at passwd.hu
Sat Mar 13 23:33:40 EET 2021
Signed-off-by: Marton Balint <cus at passwd.hu>
---
libavcodec/mpl2dec.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libavcodec/mpl2dec.c b/libavcodec/mpl2dec.c
index 409e4b3708..efeecb0d64 100644
--- a/libavcodec/mpl2dec.c
+++ b/libavcodec/mpl2dec.c
@@ -29,15 +29,15 @@
#include "ass.h"
#include "libavutil/bprint.h"
-static int mpl2_event_to_ass(AVBPrint *buf, const char *p)
+static int mpl2_event_to_ass(AVBPrint *buf, const char *p, const char *pend)
{
if (*p == ' ')
p++;
- while (*p) {
+ while (p < pend && *p) {
int got_style = 0;
- while (*p && strchr("/\\_", *p)) {
+ while (p < pend && *p && strchr("/\\_", *p)) {
if (*p == '/') av_bprintf(buf, "{\\i1}");
else if (*p == '\\') av_bprintf(buf, "{\\b1}");
else if (*p == '_') av_bprintf(buf, "{\\u1}");
@@ -45,13 +45,13 @@ static int mpl2_event_to_ass(AVBPrint *buf, const char *p)
p++;
}
- while (*p && *p != '|') {
+ while (p < pend && *p && *p != '|') {
if (*p != '\r' && *p != '\n')
av_bprint_chars(buf, *p, 1);
p++;
}
- if (*p == '|') {
+ if (p < pend && *p == '|') {
if (got_style)
av_bprintf(buf, "{\\r}");
av_bprintf(buf, "\\N");
@@ -72,7 +72,7 @@ static int mpl2_decode_frame(AVCodecContext *avctx, void *data,
FFASSDecoderContext *s = avctx->priv_data;
av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
- if (ptr && avpkt->size > 0 && *ptr && !mpl2_event_to_ass(&buf, ptr))
+ if (ptr && avpkt->size > 0 && *ptr && !mpl2_event_to_ass(&buf, ptr, ptr + avpkt->size))
ret = ff_ass_add_rect(sub, buf.str, s->readorder++, 0, NULL, NULL);
av_bprint_finalize(&buf, NULL);
if (ret < 0)
--
2.26.2
More information about the ffmpeg-devel
mailing list