vlc | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Thu Feb 28 14:54:44 2019 +0100| [6f8e90c21c102dc4653d4f0adc6cffc53fcddba1] | committer: Hugo Beauzée-Luyssen
textst: Fix potential buffer overflow https://hackerone.com/reports/503242 > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=6f8e90c21c102dc4653d4f0adc6cffc53fcddba1 --- modules/codec/textst.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/codec/textst.c b/modules/codec/textst.c index 567f97edf0..a74d9a930b 100644 --- a/modules/codec/textst.c +++ b/modules/codec/textst.c @@ -75,6 +75,8 @@ static size_t textst_FillRegion(decoder_t *p_dec, const uint8_t *p_data, size_t /* forced_on_flag b1 */ /* ? b6 */ + assert( i_data >= 4 ); + //uint8_t region_style_id_ref = p_data[1]; uint16_t i_data_length = GetWBE(&p_data[2]); @@ -211,7 +213,7 @@ static void textst_FillRegions(decoder_t *p_dec, const uint8_t *p_data, size_t i uint8_t i_region_count = p_data[0]; p_data++; i_data--; - for(uint8_t i=0; i<i_region_count && i_data > 0; i++) + for(uint8_t i=0; i<i_region_count && i_data > 4; i++) { if(*pp_last == NULL) { _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
