[vlc-commits] [Git][videolan/vlc][master] 2 commits: demux: subtitle: return early on string parsing error

Steve Lhomme (@robUx4) gitlab at videolan.org
Wed Aug 13 09:13:19 UTC 2025 


Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
ce80011d by Steve Lhomme at 2025-08-13T08:29:27+00:00
demux: subtitle: return early on string parsing error

- - - - -
751508b8 by Steve Lhomme at 2025-08-13T08:29:27+00:00
demux: subtitle: checked the parsed strings have usable values

Fixes #29045

- - - - -


1 changed file:

- modules/demux/subtitle.c


Changes:

=====================================
modules/demux/subtitle.c
=====================================
@@ -39,6 +39,7 @@
 #include <ctype.h>
 #include <math.h>
 #include <assert.h>
+#include <stdckdint.h>
 
 #include <vlc_demux.h>
 #include <vlc_charset.h>
@@ -1194,16 +1195,28 @@ static int subtitle_ParseSubViewerTiming( subtitle_t *p_subtitle,
     int h1, m1, s1, d1, h2, m2, s2, d2;
 
     if( sscanf( s, "%d:%d:%d.%d,%d:%d:%d.%d",
-                &h1, &m1, &s1, &d1, &h2, &m2, &s2, &d2) == 8 )
-    {
-        p_subtitle->i_start = vlc_tick_from_sec( h1 * 3600 + m1 * 60 + s1) +
-                              VLC_TICK_FROM_MS( d1 ) + VLC_TICK_0;
+                &h1, &m1, &s1, &d1, &h2, &m2, &s2, &d2) != 8 )
+        return VLC_EGENERIC;
 
-        p_subtitle->i_stop  = vlc_tick_from_sec( h2 * 3600 + m2 * 60 + s2 ) +
-                              VLC_TICK_FROM_MS( d2 ) + VLC_TICK_0;
-        return VLC_SUCCESS;
-    }
-    return VLC_EGENERIC;
+    int64_t sec, ms, total;
+    if (ckd_mul(&sec, h1, 3600) ||
+        ckd_mul(&ms,  m1, 60) ||
+        ckd_add(&total, sec, ms) ||
+        ckd_add(&total, total, s1))
+        return VLC_EINVAL;
+
+    p_subtitle->i_start = vlc_tick_from_sec( total ) +
+                          VLC_TICK_FROM_MS( d1 ) + VLC_TICK_0;
+
+    if (ckd_mul(&sec, h2, 3600) ||
+        ckd_mul(&ms,  m2, 60) ||
+        ckd_add(&total, sec, ms) ||
+        ckd_add(&total, total, s2))
+        return VLC_EINVAL;
+
+    p_subtitle->i_stop  = vlc_tick_from_sec( total ) +
+                          VLC_TICK_FROM_MS( d2 ) + VLC_TICK_0;
+    return VLC_SUCCESS;
 }
 
 /* ParseSubViewer



View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/d5ab4348ed214174c2f3c50549c7e28acda3b223...751508b85c43313fc262f5274871e9cc1c7a9ec3

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/d5ab4348ed214174c2f3c50549c7e28acda3b223...751508b85c43313fc262f5274871e9cc1c7a9ec3
You're receiving this email because of your account on code.videolan.org.


VideoLAN code repository instance

More information about the vlc-commits mailing list