aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
diff options
context:
space:
mode:
authorThilo Borgmann <thilo.borgmann@mail.de>2014-10-20 13:42:28 +0200
committerMichael Niedermayer <michaelni@gmx.at>2014-10-20 19:27:34 +0200
commitf31445a82d6acd0b8fab5a26c04e91645f4854d8 (patch)
tree5f5caf0a24345cf42c0218978012943e694704ac /libavformat
parent04a4fb81b3d1a92f52b5404738da8971c018946f (diff)
downloadffmpeg-f31445a82d6acd0b8fab5a26c04e91645f4854d8.tar.gz
lavf/mov.c: Allocate buffer in case of long metadata entries.
Fixes ticket #4018 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/mov.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 13ba907cfb..a7ec910595 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -262,10 +262,11 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
#ifdef MOV_EXPORT_ALL_METADATA
char tmp_key[5];
#endif
- char str[1024], key2[16], language[4] = {0};
+ char key2[16], language[4] = {0};
+ char *str = NULL;
const char *key = NULL;
uint16_t langcode = 0;
- uint32_t data_type = 0, str_size;
+ uint32_t data_type = 0, str_size, str_size_alloc;
int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
switch (atom.type) {
@@ -354,18 +355,21 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
}
#endif
+ str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input
+ str = av_malloc(str_size_alloc);
+ if (!str)
+ return AVERROR(ENOMEM);
+
if (!key)
return 0;
if (atom.size < 0)
return AVERROR_INVALIDDATA;
- str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);
-
if (parse)
parse(c, pb, str_size, key);
else {
if (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff))) { // MAC Encoded
- mov_read_mac_string(c, pb, str_size, str, sizeof(str));
+ mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
} else {
int ret = avio_read(pb, str, str_size);
if (ret != str_size)
@@ -381,7 +385,9 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
}
av_dlog(c->fc, "lang \"%3s\" ", language);
av_dlog(c->fc, "tag \"%s\" value \"%s\" atom \"%.4s\" %d %"PRId64"\n",
- key, str, (char*)&atom.type, str_size, atom.size);
+ key, str, (char*)&atom.type, str_size_alloc, atom.size);
+
+ av_freep(&str);
return 0;
}