[vlc-commits] Subtitle: fix off-by-one error during allocation before call to sscanf

Felix Abecassis git at videolan.org
Wed Feb 26 19:47:03 CET 2014


vlc | branch: master | Felix Abecassis <felix.abecassis at gmail.com> | Wed Feb 26 18:36:13 2014 +0100| [d839410aadd7b407525293332733ab6aed6be9a4] | committer: Ilkka Ollakka

Subtitle: fix off-by-one error during allocation before call to sscanf

Fix a crash when parsing subtitles. From the man page of sscanf:
"the next pointer must be a pointer to character array that is long
enough to hold the input sequence and the terminating null byte"

Signed-off-by: Ilkka Ollakka <ileoo at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=d839410aadd7b407525293332733ab6aed6be9a4
---

 modules/demux/subtitle.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/demux/subtitle.c b/modules/demux/subtitle.c
index 2a7c191..29922cc 100644
--- a/modules/demux/subtitle.c
+++ b/modules/demux/subtitle.c
@@ -1012,8 +1012,8 @@ static int subtitle_ParseSubRipTiming( subtitle_t *p_subtitle,
 {
     int i_result = VLC_EGENERIC;
     char *psz_start, *psz_stop;
-    psz_start = malloc( strlen(s) );
-    psz_stop = malloc( strlen(s) );
+    psz_start = malloc( strlen(s) + 1 );
+    psz_stop = malloc( strlen(s) + 1 );
 
     if( sscanf( s, "%s --> %s", psz_start, psz_stop) == 2 &&
         subtitle_ParseSubRipTimingValue( &p_subtitle->i_start, psz_start ) == VLC_SUCCESS &&
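Review bot: the corrected `malloc( strlen(s) + 1 )` calls are still followed directly by `sscanf( s, "%s --> %s", psz_start, psz_stop)` with no NULL check, so an allocation failure turns into a NULL-pointer write inside sscanf. Since `i_result` is already initialised to `VLC_EGENERIC` on the first line of the hunk, a guard such as `if( !psz_start || !psz_stop ) { free( psz_start ); free( psz_stop ); return i_result; }` between the allocations and the sscanf would close that path. The `+ 1` itself is the right fix: each `%s` token is a substring of `s`, so it can be at most `strlen(s)` characters plus the terminating null byte that the old allocation omitted.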
