[FFmpeg-devel] [PATCH 1/1] avformat/assenc: avoid incorrect copy of null terminator

Tim Angus tim at ngus.net
Fri Jan 27 19:20:47 EET 2023 

When writing a subtitle SSA/ASS subtitle file, the
AVCodecParameters::extradata buffer is written directly to the output.
In the case where the buffer is filled from a matroska source file
produced by some older versions of Handbrake, this buffer ends with a
null terminating character, which is then erroneously copied into the
middle of the output file. The refactoring here avoids this problem by
copying the source buffer, manually null terminating it, then treating
it as a string rather than a raw buffer. This way it is agnostic as to
whether the source buffer was null terminated or not.

Signed-off-by: Tim Angus <tim at ngus.net>
---
 libavformat/assenc.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/libavformat/assenc.c b/libavformat/assenc.c
index 1600f0a02b..4c9ea6f982 100644
--- a/libavformat/assenc.c
+++ b/libavformat/assenc.c
@@ -24,6 +24,7 @@
 #include "internal.h"
 
 #include "libavutil/opt.h"
+#include "libavutil/mem.h"
 
 typedef struct DialogueLine {
     int readorder;
@@ -55,6 +56,7 @@ static int write_header(AVFormatContext *s)
     avpriv_set_pts_info(s->streams[0], 64, 1, 100);
     if (par->extradata_size > 0) {
         size_t header_size = par->extradata_size;
+        char *header_string = NULL;
         uint8_t *trailer = strstr(par->extradata, "\n[Events]");
 
         if (trailer)
@@ -69,9 +71,20 @@ static int write_header(AVFormatContext *s)
                 ass->trailer = trailer;
         }
 
-        avio_write(s->pb, par->extradata, header_size);
-        if (par->extradata[header_size - 1] != '\n')
-            avio_write(s->pb, "\r\n", 2);
+        header_string = av_malloc(header_size + 1);
+        if (!header_string)
+            return AVERROR(ENOMEM);
+
+        memcpy(header_string, par->extradata, header_size);
+        header_string[header_size] = 0;
+
+        avio_printf(s->pb, "%s", header_string);
+
+        if (header_string[strlen(header_string) - 1] != '\n')
+            avio_printf(s->pb, "\r\n");
+
+        av_free(header_string);
+
         ass->ssa_mode = !strstr(par->extradata, "\n[V4+ Styles]");
         if (!strstr(par->extradata, "\n[Events]"))
             avio_printf(s->pb, "[Events]\r\nFormat: %s, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text\r\n",
-- 
2.25.1

More information about the ffmpeg-devel mailing list