[vlc-commits] codec/subsusf: prevent heap-use-after-free / leak
Filip Roséen
git at videolan.org
Tue Feb 21 13:48:41 CET 2017
vlc | branch: master | Filip Roséen <filip at atch.se> | Mon Feb 20 15:00:57 2017 +0100| [60431f662e65e291b81ff022f364e7dbfde6a291] | committer: Jean-Baptiste Kempf
codec/subsusf: prevent heap-use-after-free / leak
The memcpy used will of course make p_ssa_style and p_default_style
refer to the same text_style_t, resulting in a use-after-free during
clean-up (as well as a leak due to the original p_ssa_style->p_style
being lost).
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=60431f662e65e291b81ff022f364e7dbfde6a291
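The aliasing the commit message describes, reduced to a self-contained C program. This is an added example, not VLC's code: text_style_t and ssa_style_t here are invented stand-ins with a handful of fields (VLC's real structs differ), and the helpers (dup_str, style_create, style_copy, ssa_create, inherit_shallow, inherit_fixed, demo_shallow, demo_fixed) are mine. inherit_shallow is the pre-patch pattern (struct-wide memcpy, so both entries end up owning the same text_style_t and the overwritten original is leaked); inherit_fixed follows the patch's save / memcpy / restore / deep-copy sequence, generalised to preserve psz_stylename as well as p_style, since every owned pointer copied by memcpy has the same problem.

```c
#include <stdlib.h>
#include <string.h>

/* Invented stand-ins for VLC's text_style_t / ssa_style_t: a few plain
 * fields plus the owned pointers that make a struct-wide memcpy unsafe. */
typedef struct {
    char *psz_fontname;   /* owned heap string */
    int   i_font_size;
} text_style_t;

typedef struct {
    char         *psz_stylename; /* owned heap string */
    text_style_t *p_style;       /* owned, separately allocated */
    int           i_align;
} ssa_style_t;

static char *dup_str(const char *s)
{
    if (!s) return NULL;
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

text_style_t *style_create(const char *font, int size)
{
    text_style_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->psz_fontname = dup_str(font);
    s->i_font_size = size;
    return s;
}

void style_delete(text_style_t *s)
{
    if (!s) return;
    free(s->psz_fontname);
    free(s);
}

/* Deep copy of the contents into an existing object, like text_style_Copy. */
void style_copy(text_style_t *dst, const text_style_t *src)
{
    free(dst->psz_fontname);
    dst->psz_fontname = dup_str(src->psz_fontname);
    dst->i_font_size = src->i_font_size;
}

ssa_style_t *ssa_create(const char *name, const char *font, int size, int align)
{
    ssa_style_t *e = calloc(1, sizeof *e);
    if (!e) return NULL;
    e->psz_stylename = dup_str(name);
    e->p_style = style_create(font, size);
    e->i_align = align;
    return e;
}

void ssa_delete(ssa_style_t *e)
{
    if (!e) return;
    free(e->psz_stylename);
    style_delete(e->p_style);
    free(e);
}

/* Pre-patch pattern: struct-wide memcpy.  Returns 1 when dst now shares
 * def's text_style_t, i.e. the alias that turns into a double free later. */
int inherit_shallow(ssa_style_t *dst, const ssa_style_t *def)
{
    memcpy(dst, def, sizeof *dst);
    dst->psz_stylename = NULL;
    return dst->p_style == def->p_style;
}

/* Patched pattern, generalised: save every owned pointer, memcpy the plain
 * fields, restore the pointers, then deep-copy the pointed-to contents.
 * Returns 1 when dst still owns its own text_style_t. */
int inherit_fixed(ssa_style_t *dst, const ssa_style_t *def)
{
    text_style_t *p_orig_style = dst->p_style;
    char *psz_orig_name = dst->psz_stylename;
    memcpy(dst, def, sizeof *dst);
    dst->p_style = p_orig_style;
    dst->psz_stylename = psz_orig_name;
    style_copy(dst->p_style, def->p_style);
    return dst->p_style != def->p_style;
}

/* Shows the aliasing without crashing: the orphaned originals (the leak)
 * are freed by hand and the alias is detached before cleanup, which is
 * exactly the bookkeeping the old code lacked.  Returns 1 on the expected
 * outcome (style aliased, original pointer lost). */
int demo_shallow(void)
{
    ssa_style_t *def = ssa_create("Default", "Sans", 20, 2);
    ssa_style_t *e = ssa_create("Custom", "Serif", 12, 1);
    text_style_t *orphan_style = e->p_style;     /* about to be overwritten */
    char *orphan_name = e->psz_stylename;        /* likewise */
    int aliased = inherit_shallow(e, def);
    int lost = (e->p_style != orphan_style);
    style_delete(orphan_style);                  /* repair the leak by hand */
    free(orphan_name);
    e->p_style = NULL;                           /* detach, else freed twice */
    ssa_delete(e);
    ssa_delete(def);
    return aliased && lost;
}

/* With the fix both entries delete normally and inherited values are real
 * copies.  Returns 1 on the expected outcome. */
int demo_fixed(void)
{
    ssa_style_t *def = ssa_create("Default", "Sans", 20, 2);
    ssa_style_t *e = ssa_create("Custom", "Serif", 12, 1);
    int distinct = inherit_fixed(e, def);
    int copied = e->i_align == 2 && e->p_style->i_font_size == 20
              && strcmp(e->p_style->psz_fontname, "Sans") == 0
              && e->p_style->psz_fontname != def->p_style->psz_fontname
              && strcmp(e->psz_stylename, "Custom") == 0;
    ssa_delete(e);
    ssa_delete(def);    /* no double free: each still owns its own style */
    return distinct && copied;
}
```

Running demo_shallow under ASan with the two by-hand repair lines removed reproduces the report in miniature: ssa_delete(def) frees the text_style_t that ssa_delete(e) already freed, and the leak checker reports the orphaned Serif style.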
---
modules/codec/subsusf.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/codec/subsusf.c b/modules/codec/subsusf.c
index 8360db6..d8a9519 100644
--- a/modules/codec/subsusf.c
+++ b/modules/codec/subsusf.c
@@ -630,12 +630,17 @@ static void ParseUSFHeaderTags( decoder_t *p_dec, xml_reader_t *p_xml_reader )
if( !strcasecmp( p_sys->pp_ssa_styles[i]->psz_stylename, "Default" ) )
{
ssa_style_t *p_default_style = p_sys->pp_ssa_styles[i];
+ text_style_t *p_orig_text_style = p_ssa_style->p_style;
memcpy( p_ssa_style, p_default_style, sizeof( ssa_style_t ) );
+
+ // reset data-members that are not to be overwritten
+ p_ssa_style->p_style = p_orig_text_style;
+ p_ssa_style->psz_stylename = NULL;
+
//FIXME: Make font_style a pointer. Actually we double copy some data here,
// we use text_style_Copy to avoid copying psz_fontname, though .
text_style_Copy( p_ssa_style->p_style, p_default_style->p_style );
- p_ssa_style->psz_stylename = NULL;
}
}
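Review bot: the memcpy still discards p_ssa_style's own psz_stylename. Only p_style is saved into p_orig_text_style before the memcpy; psz_stylename is overwritten by the copy from p_default_style and then set to NULL, so whatever string p_ssa_style->psz_stylename held beforehand is lost the same way p_style was (a leak if it was heap-allocated). If the field is meant to survive, save and restore it alongside the style pointer:
    text_style_t *p_orig_text_style = p_ssa_style->p_style;
    char *psz_orig_stylename = p_ssa_style->psz_stylename;
If nulling it is intentional because the name is assigned afterwards, a short comment saying so would help, since "reset data-members that are not to be overwritten" reads as though both members are preserved, which is not what the NULL assignment does. More generally, copying the whole ssa_style_t and then patching up individual members will silently alias any pointer member added to the struct later; assigning the plain fields explicitly would avoid that and would also resolve the FIXME above text_style_Copy.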