[vlc-commits] textst: Fix potential buffer overflow

Hugo Beauzée-Luyssen git at videolan.org
Thu May 23 17:20:56 CEST 2019


vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Thu Feb 28 14:54:44 2019 +0100| [6f8e90c21c102dc4653d4f0adc6cffc53fcddba1] | committer: Hugo Beauzée-Luyssen

textst: Fix potential buffer overflow

https://hackerone.com/reports/503242

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=6f8e90c21c102dc4653d4f0adc6cffc53fcddba1
---

 modules/codec/textst.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/codec/textst.c b/modules/codec/textst.c
index 567f97edf0..a74d9a930b 100644
--- a/modules/codec/textst.c
+++ b/modules/codec/textst.c
@@ -75,6 +75,8 @@ static size_t textst_FillRegion(decoder_t *p_dec, const uint8_t *p_data, size_t
      /*   forced_on_flag b1 */
      /*   ? b6 */
 
+     assert( i_data >= 4 );
+
      //uint8_t region_style_id_ref = p_data[1];
      uint16_t i_data_length = GetWBE(&p_data[2]);
 
@@ -211,7 +213,7 @@ static void textst_FillRegions(decoder_t *p_dec, const uint8_t *p_data, size_t i
         uint8_t i_region_count = p_data[0];
         p_data++; i_data--;
 
-        for(uint8_t i=0; i<i_region_count && i_data > 0; i++)
+        for(uint8_t i=0; i<i_region_count && i_data > 4; i++)
         {
             if(*pp_last == NULL)
             {



More information about the vlc-commits mailing list