ass_split: fix out of array access in ass_split()

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

ass_split: fix out of array access in ass_split()
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
8b47058c · Michael Niedermayer · 97b1ba69 · 8b47058c
Commit 8b47058c authored Jan 11, 2013 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

ass_split.c libavcodec/ass_split.c +6 -3

No files found.
--- a/libavcodec/ass_split.c
+++ b/libavcodec/ass_split.c
@@ -285,14 +285,17 @@ static int ass_split(ASSSplitContext *ctx, const char *buf)

    while (buf && *buf) {
        if (sscanf(buf, "[%15[0-9A-Za-z+ ]]%c", section, &c) == 2) {
-            buf += strcspn(buf, "\n") + 1;
+            buf += strcspn(buf, "\n");
+            buf += !!*buf;
            for (i=0; i<FF_ARRAY_ELEMS(ass_sections); i++)
                if (!strcmp(section, ass_sections[i].section)) {
                    ctx->current_section = i;
                    buf = ass_split_section(ctx, buf);
                }
-        } else
-            buf += strcspn(buf, "\n") + 1;
+        } else {
+            buf += strcspn(buf, "\n");
+            buf += !!*buf;
+        }
    }
    return buf ? 0 : AVERROR_INVALIDDATA;
 }