[vlc-commits] commit: Fixed invalid accesses in decoder with corrupted subtitles streams. (Laurent Aimar )

git at videolan.org git at videolan.org
Thu Apr 15 18:54:41 CEST 2010


vlc/vlc-1.0 | branch: master | Laurent Aimar <fenrir at videolan.org> | Tue Feb 23 23:31:57 2010 +0100| [97e73c5d445f8180287e59e7f1051012f42e380c] | committer: Rémi Denis-Courmont 

Fixed invalid accesses in decoder with corrupted subtitles streams.

(cherry picked from commit 4602023991ab63c6b47f091795cd6fa393b41c2c)
Signed-off-by: Rémi Denis-Courmont <remi at remlab.net>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.0.git/?a=commit;h=97e73c5d445f8180287e59e7f1051012f42e380c
---

 modules/codec/subtitles/subsdec.c |   15 ++++++++++-----
 1 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/modules/codec/subtitles/subsdec.c b/modules/codec/subtitles/subsdec.c
index 6a3612f..8fd5aa2 100644
--- a/modules/codec/subtitles/subsdec.c
+++ b/modules/codec/subtitles/subsdec.c
@@ -426,10 +426,11 @@ static subpicture_t *ParseText( decoder_t *p_dec, block_t *p_block )
     }
 
     /* Should be resiliant against bad subtitles */
-    psz_subtitle = strndup( (const char *)p_block->p_buffer,
-                            p_block->i_buffer );
+    psz_subtitle = malloc( p_block->i_buffer + 1 );
     if( psz_subtitle == NULL )
         return NULL;
+    memcpy( psz_subtitle, p_block->p_buffer, p_block->i_buffer );
+    psz_subtitle[p_block->i_buffer] = '\0';
 
     if( p_sys->iconv_handle == (vlc_iconv_t)-1 )
     {
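Review bot: The comment above the new copy (`/* Should be resiliant against bad subtitles */`) does not say why `strndup` was replaced by an explicit `malloc`/`memcpy`, so a later cleanup could fold it back. Presumably the block payload is not guaranteed to be NUL-terminated; if so, I would extend the comment to something like `/* Copy exactly i_buffer bytes and terminate ourselves: the payload may lack a trailing NUL */`. Separately, `p_block->i_buffer + 1` is computed without a range check, and the type of `i_buffer` is not visible here, so whether it can wrap should be confirmed against the `block_t` definition. ParseText starts and ends outside the hunk.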
@@ -777,9 +778,13 @@ static char *CreateHtmlSubtitle( int *pi_align, char *psz_subtitle )
                     if( psz_attribs[ k ] == NULL )
                     {
                         /* Jump over unrecognised tag */
-                        int i_len = strcspn( psz_subtitle, "\"" ) + 1;
-
-                        i_len += strcspn( psz_subtitle + i_len, "\"" ) + 1;
+                        int i_len = strcspn( psz_subtitle, "\"" );
+                        if( psz_subtitle[i_len] == '\"' )
+                        {
+                            i_len += 1 + strcspn( &psz_subtitle[i_len + 1], "\"" );
+                            if( psz_subtitle[i_len] == '\"' )
+                                i_len++;
+                        }
                         psz_subtitle += i_len;
                     }
                     while (*psz_subtitle == ' ')
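Review bot: When the unrecognised tag contains no `"` at all, `i_len` is the distance to the terminator and `psz_subtitle` is left pointing at `'\0'`; on any further pass `strcspn` returns 0 and the pointer no longer advances. The enclosing loop starts outside the hunk, so its condition cannot be checked from here. If it only tests for the closing `'>'`, it would not terminate on a truncated tag, and the condition should also require `*psz_subtitle != '\0'`. Separately, `strcspn` returns `size_t`, so declaring `size_t i_len` would avoid the implicit narrowing to `int`.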


