diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2014-10-30 18:16:25 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2014-11-28 18:53:11 +0100 |
commit | bc0a6add0aeaa7582d8757f80a9476a8a08f5804 (patch) | |
tree | 3e7a371af0dd010080831f1b97c894f86082e225 /libavcodec/svq1dec.c | |
parent | 3467dfed6bf363061a2f428557293807aa5ea5a6 (diff) | |
download | ffmpeg-bc0a6add0aeaa7582d8757f80a9476a8a08f5804.tar.gz |
avcodec/svq1dec: zero terminate embedded message before printing
Fixes out of array access
Fixes: asan_stack-oob_49b1e5_10_009.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91ba2efa949470e9157b652535d207a101f91e0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/svq1dec.c')
-rw-r--r-- | libavcodec/svq1dec.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 5193798ea4..b1aadcde6c 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -495,7 +495,7 @@ static int svq1_decode_delta_block(AVCodecContext *avctx, HpelDSPContext *hdsp, return result; } -static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) +static void svq1_parse_string(GetBitContext *bitbuf, uint8_t out[257]) { uint8_t seed; int i; @@ -507,6 +507,7 @@ static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) out[i] = get_bits(bitbuf, 8) ^ seed; seed = string_table[out[i] ^ seed]; } + out[i] = 0; } static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) @@ -549,12 +550,12 @@ static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) } if ((s->frame_code ^ 0x10) >= 0x50) { - uint8_t msg[256]; + uint8_t msg[257]; svq1_parse_string(bitbuf, msg); av_log(avctx, AV_LOG_INFO, - "embedded message:\n%s\n", (char *)msg); + "embedded message:\n%s\n", ((char *)msg) + 1); } skip_bits(bitbuf, 2); |