RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

mov: Prevent illegal writes when chapter titles are very short.

This commit is contained in:
Alex Converse 2011-10-13 14:47:06 -07:00
parent f492df0927
commit 8fb22c3d47
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
libavformat/mov.c
View File

@ -2369,14 +2369,21 @@ static void mov_read_chapters(AVFormatContext *s)
// The samples could theoretically be in any encoding if there's an encd
// atom following, but in practice are only utf-8 or utf-16, distinguished
// instead by the presence of a BOM
ch = avio_rb16(sc->pb);
if (ch == 0xfeff)
avio_get_str16be(sc->pb, len, title, title_len);
else if (ch == 0xfffe)
avio_get_str16le(sc->pb, len, title, title_len);
else {
AV_WB16(title, ch);
avio_get_str(sc->pb, len - 2, title + 2, title_len - 2);
if (!len) {
title[0] = 0;
} else {
ch = avio_rb16(sc->pb);
if (ch == 0xfeff)
avio_get_str16be(sc->pb, len, title, title_len);
else if (ch == 0xfffe)
avio_get_str16le(sc->pb, len, title, title_len);
else {
AV_WB16(title, ch);
if (len == 1 || len == 2)
title[len] = '0';
else
avio_get_str(sc->pb, len - 2, title + 2, title_len - 2);
}
}
ff_new_chapter(s, i, st->time_base, sample->timestamp, end, title);