[vlc-devel] commit: Fixed invalid accesses in decoder with corrupted subtitles streams. (Laurent Aimar )
git version control
git at videolan.org
Wed Feb 24 00:14:15 CET 2010
vlc | branch: master | Laurent Aimar <fenrir at videolan.org> | Tue Feb 23 23:31:57 2010 +0100| [4602023991ab63c6b47f091795cd6fa393b41c2c] | committer: Laurent Aimar
Fixed invalid accesses in decoder with corrupted subtitles streams.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4602023991ab63c6b47f091795cd6fa393b41c2c
---
modules/codec/subtitles/subsdec.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/modules/codec/subtitles/subsdec.c b/modules/codec/subtitles/subsdec.c
index ab6fba2..b224316 100644
--- a/modules/codec/subtitles/subsdec.c
+++ b/modules/codec/subtitles/subsdec.c
@@ -435,10 +435,11 @@ static subpicture_t *ParseText( decoder_t *p_dec, block_t *p_block )
}
/* Should be resiliant against bad subtitles */
- psz_subtitle = strndup( (const char *)p_block->p_buffer,
- p_block->i_buffer );
+ psz_subtitle = malloc( p_block->i_buffer + 1 );
if( psz_subtitle == NULL )
return NULL;
+ memcpy( psz_subtitle, p_block->p_buffer, p_block->i_buffer );
+ psz_subtitle[p_block->i_buffer] = '\0';
if( p_sys->iconv_handle == (vlc_iconv_t)-1 )
{
@@ -794,9 +795,13 @@ static char *CreateHtmlSubtitle( int *pi_align, char *psz_subtitle )
if( psz_attribs[ k ] == NULL )
{
/* Jump over unrecognised tag */
- int i_len = strcspn( psz_subtitle, "\"" ) + 1;
-
- i_len += strcspn( psz_subtitle + i_len, "\"" ) + 1;
+ int i_len = strcspn( psz_subtitle, "\"" );
+ if( psz_subtitle[i_len] == '\"' )
+ {
+ i_len += 1 + strcspn( &psz_subtitle[i_len + 1], "\"" );
+ if( psz_subtitle[i_len] == '\"' )
+ i_len++;
+ }
psz_subtitle += i_len;
}
while (*psz_subtitle == ' ')
More information about the vlc-devel
mailing list