diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2014-10-30 18:16:25 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2014-11-02 02:20:10 +0100 |
commit | 694c3dab363fd13a0312cfb635dd7499656a0d27 (patch) | |
tree | 98354d0f483147dbc9f58f17e2bebc9c12802dfb /libavcodec | |
parent | 8efb06c8735f1ceb47e10a2162209c66fe648b3c (diff) | |
download | ffmpeg-694c3dab363fd13a0312cfb635dd7499656a0d27.tar.gz |
avcodec/svq1dec: zero terminate embedded message before printing
Fixes out of array access
Fixes: asan_stack-oob_49b1e5_10_009.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91ba2efa949470e9157b652535d207a101f91e0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/svq1dec.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 86fe6f8813..464b8c2dac 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -496,7 +496,7 @@ static int svq1_decode_delta_block(AVCodecContext *avctx, HpelDSPContext *hdsp, return result; } -static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) +static void svq1_parse_string(GetBitContext *bitbuf, uint8_t out[257]) { uint8_t seed; int i; @@ -508,6 +508,7 @@ static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) out[i] = get_bits(bitbuf, 8) ^ seed; seed = string_table[out[i] ^ seed]; } + out[i] = 0; } static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) @@ -550,12 +551,12 @@ static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) } if ((s->frame_code ^ 0x10) >= 0x50) { - uint8_t msg[256]; + uint8_t msg[257]; svq1_parse_string(bitbuf, msg); av_log(avctx, AV_LOG_INFO, - "embedded message:\n%s\n", (char *)msg); + "embedded message:\n%s\n", ((char *)msg) + 1); } skip_bits(bitbuf, 2); |