vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Sun Dec 10 22:23:01 2017 +0200| [e018cc44508a62b381a5cbf256693a970cdc20b0] | committer: Rémi Denis-Courmont
mp4: fix off-by-one reading with nul-terminated string > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=e018cc44508a62b381a5cbf256693a970cdc20b0 --- modules/demux/mp4/libmp4.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c index c935f88a28..a4398ce5ea 100644 --- a/modules/demux/mp4/libmp4.c +++ b/modules/demux/mp4/libmp4.c @@ -105,16 +105,14 @@ static char *mp4_getstringz( uint8_t **restrict in, uint64_t *restrict size ) assert( *size <= SSIZE_MAX ); size_t len = strnlen( (const char *)*in, *size ); - if( len == 0 ) + if( len == 0 || len >= *size ) return NULL; - char *ret = malloc( len + 1 ); + len++; + + char *ret = malloc( len ); if( likely(ret != NULL) ) - { memcpy( ret, *in, len ); - ret[len] = '\0'; - } - len++; *in += len; *size -= len; return ret; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
