diff mbox series

[FFmpeg-devel,7/8] avcodec/srtdec: do not overread if zero padding is missing

Message ID 20210313213345.3268-7-cus@passwd.hu
State New
Headers show
Series [FFmpeg-devel,1/8] avcodec/assdec: do not overread if zero padding is missing
Related show

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Marton Balint March 13, 2021, 9:33 p.m. UTC
Signed-off-by: Marton Balint <cus@passwd.hu>
---
 libavcodec/srtdec.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/libavcodec/srtdec.c b/libavcodec/srtdec.c
index 98f84ac673..37fb0d3173 100644
--- a/libavcodec/srtdec.c
+++ b/libavcodec/srtdec.c
@@ -62,6 +62,7 @@  static int srt_decode_frame(AVCodecContext *avctx,
     buffer_size_t size;
     const uint8_t *p = av_packet_get_side_data(avpkt, AV_PKT_DATA_SUBTITLE_POSITION, &size);
     FFASSDecoderContext *s = avctx->priv_data;
+    char *dup;
 
     if (p && size == 16) {
         x1 = AV_RL32(p     );
@@ -73,12 +74,17 @@  static int srt_decode_frame(AVCodecContext *avctx,
     if (avpkt->size <= 0)
         return avpkt->size;
 
+    dup = av_strndup(avpkt->data, avpkt->size);
+    if (!dup)
+        return AVERROR(ENOMEM);
+
     av_bprint_init(&buffer, 0, AV_BPRINT_SIZE_UNLIMITED);
 
-    ret = srt_to_ass(avctx, &buffer, avpkt->data, x1, y1, x2, y2);
+    ret = srt_to_ass(avctx, &buffer, dup, x1, y1, x2, y2);
     if (ret >= 0)
         ret = ff_ass_add_rect(sub, buffer.str, s->readorder++, 0, NULL, NULL);
     av_bprint_finalize(&buffer, NULL);
+    av_free(dup);
     if (ret < 0)
         return ret;