Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in / Register
Toggle navigation
F
ffmpeg.wasm-core
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Linshizhi
ffmpeg.wasm-core
Commits
d4ec07df
Commit
d4ec07df
authored
Aug 28, 2014
by
Stefano Sabatini
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
lavu/avstring: check for overlong encodings in av_utf8_decode()
Fix reopened trac ticket #1163.
parent
36952786
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
14 additions
and
1 deletion
+14
-1
avstring.c
libavutil/avstring.c
+14
-1
No files found.
libavutil/avstring.c
View file @
d4ec07df
...
@@ -27,6 +27,7 @@
...
@@ -27,6 +27,7 @@
#include "config.h"
#include "config.h"
#include "common.h"
#include "common.h"
#include "mem.h"
#include "mem.h"
#include "avassert.h"
#include "avstring.h"
#include "avstring.h"
#include "bprint.h"
#include "bprint.h"
...
@@ -331,7 +332,10 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp, const uint8_t *buf_end,
...
@@ -331,7 +332,10 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp, const uint8_t *buf_end,
const
uint8_t
*
p
=
*
bufp
;
const
uint8_t
*
p
=
*
bufp
;
uint32_t
top
;
uint32_t
top
;
uint64_t
code
;
uint64_t
code
;
int
ret
=
0
;
int
ret
=
0
,
tail_len
;
uint32_t
overlong_encoding_mins
[
6
]
=
{
0x00000000
,
0x00000080
,
0x00000800
,
0x00010000
,
0x00200000
,
0x04000000
,
};
if
(
p
>=
buf_end
)
if
(
p
>=
buf_end
)
return
0
;
return
0
;
...
@@ -346,8 +350,10 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp, const uint8_t *buf_end,
...
@@ -346,8 +350,10 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp, const uint8_t *buf_end,
}
}
top
=
(
code
&
128
)
>>
1
;
top
=
(
code
&
128
)
>>
1
;
tail_len
=
0
;
while
(
code
&
top
)
{
while
(
code
&
top
)
{
int
tmp
;
int
tmp
;
tail_len
++
;
if
(
p
>=
buf_end
)
{
if
(
p
>=
buf_end
)
{
(
*
bufp
)
++
;
(
*
bufp
)
++
;
return
AVERROR
(
EILSEQ
);
/* incomplete sequence */
return
AVERROR
(
EILSEQ
);
/* incomplete sequence */
...
@@ -364,6 +370,13 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp, const uint8_t *buf_end,
...
@@ -364,6 +370,13 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp, const uint8_t *buf_end,
}
}
code
&=
(
top
<<
1
)
-
1
;
code
&=
(
top
<<
1
)
-
1
;
/* check for overlong encodings */
av_assert0
(
tail_len
<=
5
);
if
(
code
<
overlong_encoding_mins
[
tail_len
])
{
ret
=
AVERROR
(
EILSEQ
);
goto
end
;
}
if
(
code
>=
1
<<
31
)
{
if
(
code
>=
1
<<
31
)
{
ret
=
AVERROR
(
EILSEQ
);
/* out-of-range value */
ret
=
AVERROR
(
EILSEQ
);
/* out-of-range value */
goto
end
;
goto
end
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment