diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2014-10-30 18:16:25 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2014-11-01 15:40:38 +0100 |
commit | 9b8b35910ffb312c4a9efcead6314ab003bacd83 (patch) | |
tree | 29ad9c53f549fdf97ba42133811b93e37877a577 /libavcodec | |
parent | f00ec3307b5f61a5efbfa2a1d71817bb53fa397e (diff) | |
download | ffmpeg-9b8b35910ffb312c4a9efcead6314ab003bacd83.tar.gz |
avcodec/svq1dec: zero terminate embedded message before printing
Fixes out of array access
Fixes: asan_stack-oob_49b1e5_10_009.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91ba2efa949470e9157b652535d207a101f91e0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/svq1dec.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index eb643446d1..864177419a 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -499,7 +499,7 @@ static int svq1_decode_delta_block(AVCodecContext *avctx, HpelDSPContext *hdsp, return result; } -static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) +static void svq1_parse_string(GetBitContext *bitbuf, uint8_t out[257]) { uint8_t seed; int i; @@ -511,6 +511,7 @@ static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) out[i] = get_bits(bitbuf, 8) ^ seed; seed = string_table[out[i] ^ seed]; } + out[i] = 0; } static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) @@ -553,12 +554,12 @@ static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) } if ((s->frame_code ^ 0x10) >= 0x50) { - uint8_t msg[256]; + uint8_t msg[257]; svq1_parse_string(bitbuf, msg); av_log(avctx, AV_LOG_INFO, - "embedded message:\n%s\n", (char *)msg); + "embedded message:\n%s\n", ((char *)msg) + 1); } skip_bits(bitbuf, 2); |