From 860a0810583f54ccbde912aebda8711f18eab8eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 8 Sep 2013 18:23:44 +0200 Subject: [PATCH] avcodec/assenc: fix potential overread. --- libavcodec/assenc.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/assenc.c b/libavcodec/assenc.c index 7b8a540cdd..5dc3b09d65 100644 --- a/libavcodec/assenc.c +++ b/libavcodec/assenc.c @@ -80,9 +80,16 @@ static int ass_encode_frame(AVCodecContext *avctx, * will be "Marked=N" instead of the layer num, so we will * have layer=0, which is fine. */ layer = strtol(ass, &p, 10); - if (*p) p += strcspn(p, ",") + 1; // skip layer or marked - if (*p) p += strcspn(p, ",") + 1; // skip start timestamp - if (*p) p += strcspn(p, ",") + 1; // skip end timestamp + +#define SKIP_ENTRY(ptr) do { \ + char *sep = strchr(ptr, ','); \ + if (sep) \ + ptr = sep + 1; \ +} while (0) + + SKIP_ENTRY(p); // skip layer or marked + SKIP_ENTRY(p); // skip start timestamp + SKIP_ENTRY(p); // skip end timestamp snprintf(ass_line, sizeof(ass_line), "%d,%ld,%s", ++s->id, layer, p); ass_line[strcspn(ass_line, "\r\n")] = 0; ass = ass_line;