[vlc-commits] subsdec: Fix potential out of bound reads

Thu, 06 Apr 2017 07:38:28 -0700 

vlc/vlc-2.2 | branch: master | Yannay Livneh <[email protected]> | Thu Apr 
 6 11:18:46 2017 +0200| [7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328] | committer: 
Hugo Beauzée-Luyssen

subsdec: Fix potential out of bound reads

Report and patch by: Yannay Livneh <[email protected]>
                     Omri Herscovici <[email protected]>
                     Omer Gull <[email protected]>

Signed-off-by: Hugo Beauzée-Luyssen <[email protected]>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
---

 modules/codec/subsdec.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/codec/subsdec.c b/modules/codec/subsdec.c
index 1b4276e..addd8c7 100644
--- a/modules/codec/subsdec.c
+++ b/modules/codec/subsdec.c
@@ -664,7 +664,7 @@ static char *CreateHtmlSubtitle( int *pi_align, char 
*psz_subtitle )
                 HtmlCopy( &psz_html, &psz_subtitle, "<font " );
                 HtmlPut( &psz_tag, "f" );
 
-                while( *psz_subtitle != '>' )
+                while( *psz_subtitle != '>' && *psz_subtitle)
                 {
                     int  k;
 
@@ -722,7 +722,7 @@ static char *CreateHtmlSubtitle( int *pi_align, char 
*psz_subtitle )
                                 i_len++;
                         }
                         /* Not a tag, something else we do not understand */
-                        if( i_len == 0 )
+                        if( i_len == 0 && *psz_subtitle != '\0' )
                             psz_subtitle++;
 
                         psz_subtitle += i_len;
@@ -731,6 +731,7 @@ static char *CreateHtmlSubtitle( int *pi_align, char 
*psz_subtitle )
                     HtmlNPut( &psz_html, psz_subtitle, strspn(psz_subtitle, " 
") );
                 }
                 HtmlPut( &psz_html, ">" );
+                if (*psz_subtitle == '\0') break;
                 psz_subtitle++;
             }
             else if( !strncmp( psz_subtitle, "</", 2 ))
@@ -912,7 +913,7 @@ static char *CreateHtmlSubtitle( int *pi_align, char 
*psz_subtitle )
             }
             psz_subtitle = strchr( psz_subtitle, '}' ) + 1;
         }
-        else if( psz_subtitle[0] == '{' &&  psz_subtitle[2] == ':' && strchr( 
psz_subtitle, '}' ) )
+        else if( psz_subtitle[0] == '{' &&  psz_subtitle[1] != '\0' && 
psz_subtitle[2] == ':' && strchr( psz_subtitle, '}' ) )
         {
             // Hide other {x:y} atrocities, like {c:$bbggrr} or {P:x}
             psz_subtitle = strchr( psz_subtitle, '}' ) + 1;

_______________________________________________
vlc-commits mailing list
[email protected]
https://mailman.videolan.org/listinfo/vlc-commits

Reply via email to