[vlc-commits] demux/subtitle: ParseJSS: fix out-of-bounds read

[Filip Roséen]

vlc/vlc-2.2 | branch: master | Filip Roséen <filip at atch.se> | Mon Feb 20 14:59:37 2017 +0100| [05b653355ce303ada3b5e0e645ae717fea39186c] | committer: Hugo Beauzée-Luyssen

demux/subtitle: ParseJSS: fix out-of-bounds read

The previous loop would continue until a space is found, which of course means
that it would step out of bounds if the string did not contain such.

These changes simply terminates the loop if the end of the string is reached.

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
(cherry picked from commit 181117ea2362ea2ccda69371ce8109970717d318)
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>

Missing backport pointed out by: Yannay Livneh <yannayl at checkpoint.com>
                                 Omri Herscovici <omrih at checkpoint.com>
                                 Omer Gull <omergu at checkpoint.com>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=05b653355ce303ada3b5e0e645ae717fea39186c
---

 modules/demux/subtitle.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/demux/subtitle.c b/modules/demux/subtitle.c
index 6470756..3e790fd 100644
--- a/modules/demux/subtitle.c
+++ b/modules/demux/subtitle.c
@@ -1809,8 +1809,8 @@ static int ParseJSS( demux_t *p_demux, subtitle_t *p_subtitle, int i_idx )
     /* Parse the directives */
     if( isalpha( (unsigned char)*psz_text ) || *psz_text == '[' )
     {
-        while( *psz_text != ' ' )
-        { psz_text++ ;};
+        while( *psz_text && *psz_text != ' ' )
+            ++psz_text;
 
         /* Directives are NOT parsed yet */
         /* This has probably a better place in a decoder ? */