diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2016-01-13 02:31:59 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2016-01-15 17:39:04 +0100 |
commit | a7dea6f2cdce5877845b5cce810e3784628f9388 (patch) | |
tree | f8e96afa5647485c6629b5bfc64b3253105692c3 | |
parent | 8419971a42a84e6e72d498a4c2e3c91ea604d881 (diff) | |
download | ffmpeg-a7dea6f2cdce5877845b5cce810e3784628f9388.tar.gz |
avformat/aviobuf: Fix end check in put_str16()
Fixes out of array read
Fixes: 03c406ec9530e594a074ce2979f8a1f0/asan_heap-oob_7dec26_4664_37c52495b2870a2eaac65f53958e76c1.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 115fb6d03ef6310732b42258d8c3cd1839cfb74b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/aviobuf.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 4ce18e4d17..20621baa0c 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -358,6 +358,8 @@ int avio_put_str16le(AVIOContext *s, const char *str) invalid: av_log(s, AV_LOG_ERROR, "Invaid UTF8 sequence in avio_put_str16le\n"); err = AVERROR(EINVAL); + if (!*(q-1)) + break; } avio_wl16(s, 0); if (err) |