Nicolas George: > Andreas Rheinhardt (12020-09-20): >> The tedcaptions demuxer uses an AVBPrint whose string is not restricted >> to its internal buffer; it therefore needs to be cleaned up, yet this is >> not done on error, as parse_file() returned simply returned directly. >> This is fixed by going to fail first in such cases. >> Furthermore, there is also a second way how this string can leak: By >> having more than one subtitle per subtitle block, as the new one simply >> overwrites the old one in this case as the AVBPrint is initialized each >> time upon encountering a subtitle line. The code has been modified to >> simply append the new subtitle to the old one, so that the old one can't >> leak any more. >> >> Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com> >> --- >> libavformat/tedcaptionsdec.c | 73 ++++++++++++++++++------------------ >> 1 file changed, 36 insertions(+), 37 deletions(-) > > Should be ok. > > I notice that the code calls ff_subtitles_queue_insert() without > checking if the buffer is truncated. It should be fixed too, but that > is separate from this patch. > > Regards, > parse_string() checks for this (for the content, not the labels, where the check is unnecessary).
- Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
