diff options
| author | Philip Langdale <philipl@overt.org> | 2017-04-23 10:42:25 -0700 |
|---|---|---|
| committer | Philip Langdale <philipl@overt.org> | 2017-04-23 10:46:11 -0700 |
| commit | f95c81ce104554b6860d94724a681a1bac0c4fbd (patch) | |
| tree | 841585c96174e8b4f40883b7a8ff88900a355842 | |
| parent | 6ba1c9bf7e8a92cf1977ca11ce595a5872d0ce40 (diff) | |
| download | ffmpeg-f95c81ce104554b6860d94724a681a1bac0c4fbd.tar.gz | |
avcodec/movtextenc: Ignore unmatched closing style tags
The existing code will segfault if a closing tag shows up when there
was never an opening tag. This isn't a well formed style, but it's also
not a reason to crash.
Fixes: https://trac.ffmpeg.org/ticket/6303
| -rw-r--r-- | libavcodec/movtextenc.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c index 20e01e206e..d795e317c3 100644 --- a/libavcodec/movtextenc.c +++ b/libavcodec/movtextenc.c @@ -57,6 +57,8 @@ typedef struct { } HilightcolorBox; typedef struct { + AVCodecContext *avctx; + ASSSplitContext *ass_ctx; AVBPrint buffer; StyleBox **style_attributes; @@ -187,6 +189,7 @@ static av_cold int mov_text_encode_init(AVCodecContext *avctx) }; MovTextContext *s = avctx->priv_data; + s->avctx = avctx; avctx->extradata_size = sizeof text_sample_entry; avctx->extradata = av_mallocz(avctx->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); @@ -247,6 +250,9 @@ static void mov_text_style_cb(void *priv, const char style, int close) s->style_attributes_temp->style_flag |= STYLE_FLAG_UNDERLINE; break; } + } else if (!s->style_attributes_temp) { + av_log(s->avctx, AV_LOG_WARNING, "Ignoring unmatched close tag\n"); + return; } else { s->style_attributes_temp->style_end = AV_RB16(&s->text_pos); av_dynarray_add(&s->style_attributes, &s->count, s->style_attributes_temp); |