Commit b0635e2f authored by Michael Niedermayer's avatar Michael Niedermayer

movtextenc: fix pointer messup and out of array accesses

Fixes Ticket2187
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent f7b7f021
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
#include <stdarg.h> #include <stdarg.h>
#include "avcodec.h" #include "avcodec.h"
#include "libavutil/avassert.h"
#include "libavutil/avstring.h" #include "libavutil/avstring.h"
#include "libavutil/intreadwrite.h" #include "libavutil/intreadwrite.h"
#include "ass_split.h" #include "ass_split.h"
...@@ -87,14 +88,17 @@ static av_cold int mov_text_encode_init(AVCodecContext *avctx) ...@@ -87,14 +88,17 @@ static av_cold int mov_text_encode_init(AVCodecContext *avctx)
static void mov_text_text_cb(void *priv, const char *text, int len) static void mov_text_text_cb(void *priv, const char *text, int len)
{ {
MovTextContext *s = priv; MovTextContext *s = priv;
av_assert0(s->end >= s->ptr);
av_strlcpy(s->ptr, text, FFMIN(s->end - s->ptr, len + 1)); av_strlcpy(s->ptr, text, FFMIN(s->end - s->ptr, len + 1));
s->ptr += len; s->ptr += FFMIN(s->end - s->ptr, len);
} }
static void mov_text_new_line_cb(void *priv, int forced) static void mov_text_new_line_cb(void *priv, int forced)
{ {
MovTextContext *s = priv; MovTextContext *s = priv;
av_assert0(s->end >= s->ptr);
av_strlcpy(s->ptr, "\n", FFMIN(s->end - s->ptr, 2)); av_strlcpy(s->ptr, "\n", FFMIN(s->end - s->ptr, 2));
if (s->end > s->ptr)
s->ptr++; s->ptr++;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment