har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mov: Prevent illegal writes when chapter titles are very short.

Browse Source
This commit is contained in:
Alex Converse 2011-10-13 14:47:06 -07:00
parent f492df0927
commit 8fb22c3d47
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
libavformat/mov.c
View File

@ -2369,14 +2369,21 @@ static void mov_read_chapters(AVFormatContext *s)
// The samples could theoretically be in any encoding if there's an encd // The samples could theoretically be in any encoding if there's an encd
// atom following, but in practice are only utf-8 or utf-16, distinguished // atom following, but in practice are only utf-8 or utf-16, distinguished
// instead by the presence of a BOM // instead by the presence of a BOM
ch = avio_rb16(sc->pb); if (!len) {
if (ch == 0xfeff) title[0] = 0;
avio_get_str16be(sc->pb, len, title, title_len); } else {
else if (ch == 0xfffe) ch = avio_rb16(sc->pb);
avio_get_str16le(sc->pb, len, title, title_len); if (ch == 0xfeff)
else { avio_get_str16be(sc->pb, len, title, title_len);
AV_WB16(title, ch); else if (ch == 0xfffe)
avio_get_str(sc->pb, len - 2, title + 2, title_len - 2); avio_get_str16le(sc->pb, len, title, title_len);
else {
AV_WB16(title, ch);
if (len == 1 || len == 2)
title[len] = '0';
else
avio_get_str(sc->pb, len - 2, title + 2, title_len - 2);
}
} }
ff_new_chapter(s, i, st->time_base, sample->timestamp, end, title); ff_new_chapter(s, i, st->time_base, sample->timestamp, end, title);