[vlc-commits] textst: Fix potential buffer overflow
Hugo Beauzée-Luyssen
git at videolan.org
Thu May 23 17:20:56 CEST 2019
vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Thu Feb 28 14:54:44 2019 +0100| [6f8e90c21c102dc4653d4f0adc6cffc53fcddba1] | committer: Hugo Beauzée-Luyssen
textst: Fix potential buffer overflow
https://hackerone.com/reports/503242
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=6f8e90c21c102dc4653d4f0adc6cffc53fcddba1
---
modules/codec/textst.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/codec/textst.c b/modules/codec/textst.c
index 567f97edf0..a74d9a930b 100644
--- a/modules/codec/textst.c
+++ b/modules/codec/textst.c
@@ -75,6 +75,8 @@ static size_t textst_FillRegion(decoder_t *p_dec, const uint8_t *p_data, size_t
/* forced_on_flag b1 */
/* ? b6 */
+ assert( i_data >= 4 );
+
//uint8_t region_style_id_ref = p_data[1];
uint16_t i_data_length = GetWBE(&p_data[2]);
@@ -211,7 +213,7 @@ static void textst_FillRegions(decoder_t *p_dec, const uint8_t *p_data, size_t i
uint8_t i_region_count = p_data[0];
p_data++; i_data--;
- for(uint8_t i=0; i<i_region_count && i_data > 0; i++)
+ for(uint8_t i=0; i<i_region_count && i_data > 4; i++)
{
if(*pp_last == NULL)
{
More information about the vlc-commits
mailing list