har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mov: Prevent illegal writes when chapter titles are very short.

Browse Source
This commit is contained in:
Alex Converse 2011-10-13 14:47:06 -07:00
parent f492df0927
commit 8fb22c3d47
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavformat/mov.c
View File

@ -2369,6 +2369,9 @@ static void mov_read_chapters(AVFormatContext *s)
// The samples could theoretically be in any encoding if there's an encd
// atom following, but in practice are only utf-8 or utf-16, distinguished
// instead by the presence of a BOM
if (!len) {
title[0] = 0;
} else {
ch = avio_rb16(sc->pb);
if (ch == 0xfeff)
avio_get_str16be(sc->pb, len, title, title_len);
@ -2376,8 +2379,12 @@ static void mov_read_chapters(AVFormatContext *s)
avio_get_str16le(sc->pb, len, title, title_len);
else {
AV_WB16(title, ch);
if (len == 1 || len == 2)
title[len] = '0';
else
avio_get_str(sc->pb, len - 2, title + 2, title_len - 2);
}
}
ff_new_chapter(s, i, st->time_base, sample->timestamp, end, title);
av_freep(&title);