From patchwork Thu Jun 8 21:53:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 3872 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.10.2 with SMTP id 2csp3060388vsk; Thu, 8 Jun 2017 14:54:20 -0700 (PDT) X-Received: by 10.223.143.11 with SMTP id p11mr26790390wrb.3.1496958860050; Thu, 08 Jun 2017 14:54:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1496958860; cv=none; d=google.com; s=arc-20160816; b=E3JHgW2qi8kRbryDAaqDJ3ay69cD0DEjf9ug1xP791JCMizbeWiwvQvo8i5PClcLRs WdoI2qpt04Ofo/sSd3XNKWgaLpVl7FaHi35HUV5KJKXjH4CWAaYLK8WodcgHCLaBiYbc 8M7VLBnh/V+OkfVjVfhj25d1158iA8CrDv/myI86Nf1P0158VPMx4LjptX4Y8CjcImha zhl2UbZaApTr3l2Z5JxSzspO0O935nz79I2NfumZV0v8DZs7UzztypWJHyKhfZtrV6V8 HUXjcRSH0aZ5iIqxel6EPi6L3dtnkVCCP4LIFbmPIZHjBcX/0OkZJ7xz/pMunJVQ8m29 0Vyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:delivered-to :arc-authentication-results; bh=beOvYVM9uBoQ1otc0K37IIPjG9fUagNvFw4sbt5Axi4=; b=HuJAAeytlYdVyrH/Nb+KppgNh8vRANLfnVN1eEQzWHHEY0gUt9+JL/1SyhLhcsYz6P CAYa9Jbij/3thrX5LnwfsLK9U0AU3lfe+B2xCNM3ZW67OCbRSUDQqrV2HhyyHwXY4MQ7 cpBhVXnHVvJp0Ji1jz8h7RkdjdHRcnuaRrEbUPs98WkOWqnbJqGQIfqYo/zGmOF2M3BE qGMUscMNo40KFgoeiqXpFG5XyjXbMBRB2KwO2Xbyju4QMSIxmpria/TGLO9znXM6W1lO o7/+/kwCGYClu4UucQwYXmH3hPDp+XX6I64kzLH+dsIj2csqSVg0Do+s2s9VsFUs4mPb 0O4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 32si6067654wrf.313.2017.06.08.14.54.19; Thu, 08 Jun 2017 14:54:20 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 35DA8689C7D; Fri, 9 Jun 2017 00:54:09 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from vie01a-qmta-pe02-1.mx.upcmail.net (vie01a-qmta-pe02-1.mx.upcmail.net [62.179.121.181]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 083D9688288 for ; Fri, 9 Jun 2017 00:54:06 +0300 (EEST) Received: from [172.31.218.35] (helo=vie01a-dmta-pe02-2.mx.upcmail.net) by vie01a-pqmta-pe02.mx.upcmail.net with esmtp (Exim 4.88) (envelope-from ) id 1dJ5NW-0006nn-3z for ffmpeg-devel@ffmpeg.org; Thu, 08 Jun 2017 23:54:06 +0200 Received: from [172.31.216.43] (helo=vie01a-pemc-psmtp-pe01) by vie01a-dmta-pe02.mx.upcmail.net with esmtp (Exim 4.88) (envelope-from ) id 1dJ5NQ-0001hR-53 for ffmpeg-devel@ffmpeg.org; Thu, 08 Jun 2017 23:54:00 +0200 Received: from localhost ([213.47.41.20]) by vie01a-pemc-psmtp-pe01 with SMTP @ mailcloud.upcmail.net id WMtw1v02D0S5wYM01Mtxun; Thu, 08 Jun 2017 23:53:58 +0200 X-SourceIP: 213.47.41.20 From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Thu, 8 Jun 2017 23:53:55 +0200 Message-Id: <20170608215356.23864-1-michael@niedermayer.cc> X-Mailer: git-send-email 2.13.0 Subject: [FFmpeg-devel] [PATCH 1/2] avcodec/htmlsubtitles: Protect very slow redundant sscanf() calls by optimized use of strchr() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Fixes Timeout Fixes: 2127/clusterfuzz-testcase-minimized-6595787859427328 Signed-off-by: Michael Niedermayer --- libavcodec/htmlsubtitles.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavcodec/htmlsubtitles.c b/libavcodec/htmlsubtitles.c index 16295daa0c..ba4f269b3f 100644 --- a/libavcodec/htmlsubtitles.c +++ b/libavcodec/htmlsubtitles.c @@ -56,6 +56,7 @@ int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in) char *param, buffer[128], tmp[128]; int len, tag_close, sptr = 1, line_start = 1, an = 0, end = 0; SrtStack stack[16]; + const char *next_closep = NULL; stack[0].tag[0] = 0; strcpy(stack[0].param[PARAM_SIZE], "{\\fs}"); @@ -83,8 +84,15 @@ int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in) and all microdvd like styles such as {Y:xxx} */ len = 0; an += sscanf(in, "{\\an%*1u}%n", &len) >= 0 && len > 0; - if ((an != 1 && (len = 0, sscanf(in, "{\\%*[^}]}%n", &len) >= 0 && len > 0)) || - (len = 0, sscanf(in, "{%*1[CcFfoPSsYy]:%*[^}]}%n", &len) >= 0 && len > 0)) { + + if(!next_closep || next_closep <= in) { + next_closep = strchr(in+1, '}'); + if (!next_closep) + next_closep = in + strlen(in); + } + + if (*next_closep == '}' && (an != 1 && (len = 0, sscanf(in, "{\\%*[^}]}%n", &len) >= 0 && len > 0)) || + *next_closep == '}' && (len = 0, sscanf(in, "{%*1[CcFfoPSsYy]:%*[^}]}%n", &len) >= 0 && len > 0)) { in += len - 1; } else av_bprint_chars(dst, *in, 1);