Commit 8b47058c authored by Michael Niedermayer's avatar Michael Niedermayer

ass_split: fix out of array access in ass_split()

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 97b1ba69
......@@ -285,14 +285,17 @@ static int ass_split(ASSSplitContext *ctx, const char *buf)
while (buf && *buf) {
if (sscanf(buf, "[%15[0-9A-Za-z+ ]]%c", section, &c) == 2) {
buf += strcspn(buf, "\n") + 1;
buf += strcspn(buf, "\n");
buf += !!*buf;
for (i=0; i<FF_ARRAY_ELEMS(ass_sections); i++)
if (!strcmp(section, ass_sections[i].section)) {
ctx->current_section = i;
buf = ass_split_section(ctx, buf);
}
} else
buf += strcspn(buf, "\n") + 1;
} else {
buf += strcspn(buf, "\n");
buf += !!*buf;
}
}
return buf ? 0 : AVERROR_INVALIDDATA;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment