[vlc-commits] codec/substtml: prevent crash on empty attributes

[Filip Roséen]

vlc | branch: master | Filip Roséen <filip at atch.se> | Mon Sep 19 23:53:34 2016 +0200| [aa2c185358436f9efef3d1d74b79c2b988a3f2e9] | committer: Hugo Beauzée-Luyssen

codec/substtml: prevent crash on empty attributes

The previous implementation assumed that an attribute would always
have at least one specified region/style, which is not always the
case.

An attribute's value of zero-length, or one that contains only spaces,
would make strtok_r return NULL - resulting in undefined-behavior
further down the road.

In order to prevent these issues, an additional branch has been
introduced to warn if such attributes are found, and simply ignore
them.

fixes #17405

Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=aa2c185358436f9efef3d1d74b79c2b988a3f2e9
---

 modules/codec/substtml.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/codec/substtml.c b/modules/codec/substtml.c
index 8d5e3a3..2a45269 100644
--- a/modules/codec/substtml.c
+++ b/modules/codec/substtml.c
@@ -264,6 +264,16 @@ static ttml_style_t* ParseTTMLStyle( decoder_t *p_dec, xml_reader_t* p_reader, c
                 }
 
                 char *token = strtok_r( value , " ", &tmp );
+
+                if( token == NULL )
+                {
+                    msg_Warn( p_dec, "No IDREF specified in attribute "
+                                     "'%s' on tag '%s', ignoring.", attr,
+                                     psz_node_name );
+                    free( value );
+                    continue;
+                }
+
                 ttml_style_t* p_style = FindTextStyle( p_dec, token );
                 if( p_style == NULL )
                 {