Nicolas George:
> Andreas Rheinhardt (12020-09-20):
>> The tedcaptions demuxer uses an AVBPrint whose string is not restricted
>> to its internal buffer; it therefore needs to be cleaned up, yet this is
>> not done on error, as parse_file() returned simply returned directly.
>> This is fixed by going to fail first in such cases.
>> Furthermore, there is also a second way how this string can leak: By
>> having more than one subtitle per subtitle block, as the new one simply
>> overwrites the old one in this case as the AVBPrint is initialized each
>> time upon encountering a subtitle line. The code has been modified to
>> simply append the new subtitle to the old one, so that the old one can't
>> leak any more.
>>
>> Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
>> ---
>>  libavformat/tedcaptionsdec.c | 73 ++++++++++++++++++------------------
>>  1 file changed, 36 insertions(+), 37 deletions(-)
> 
> Should be ok.
> 
> I notice that the code calls ff_subtitles_queue_insert() without
> checking if the buffer is truncated. It should be fixed too, but that
> is separate from this patch.
> 
> Regards,
> 
parse_string() checks for this (for the content, not the labels, where
the check is unnecessary).

- Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to