Commit f31445a8 authored by Thilo Borgmann's avatar Thilo Borgmann Committed by Michael Niedermayer

lavf/mov.c: Allocate buffer in case of long metadata entries.

Fixes ticket #4018
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 04a4fb81
...@@ -262,10 +262,11 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -262,10 +262,11 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
#ifdef MOV_EXPORT_ALL_METADATA #ifdef MOV_EXPORT_ALL_METADATA
char tmp_key[5]; char tmp_key[5];
#endif #endif
char str[1024], key2[16], language[4] = {0}; char key2[16], language[4] = {0};
char *str = NULL;
const char *key = NULL; const char *key = NULL;
uint16_t langcode = 0; uint16_t langcode = 0;
uint32_t data_type = 0, str_size; uint32_t data_type = 0, str_size, str_size_alloc;
int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL; int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
switch (atom.type) { switch (atom.type) {
...@@ -354,18 +355,21 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -354,18 +355,21 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
} }
#endif #endif
str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input
str = av_malloc(str_size_alloc);
if (!str)
return AVERROR(ENOMEM);
if (!key) if (!key)
return 0; return 0;
if (atom.size < 0) if (atom.size < 0)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);
if (parse) if (parse)
parse(c, pb, str_size, key); parse(c, pb, str_size, key);
else { else {
if (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff))) { // MAC Encoded if (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff))) { // MAC Encoded
mov_read_mac_string(c, pb, str_size, str, sizeof(str)); mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
} else { } else {
int ret = avio_read(pb, str, str_size); int ret = avio_read(pb, str, str_size);
if (ret != str_size) if (ret != str_size)
...@@ -381,7 +385,9 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -381,7 +385,9 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
} }
av_dlog(c->fc, "lang \"%3s\" ", language); av_dlog(c->fc, "lang \"%3s\" ", language);
av_dlog(c->fc, "tag \"%s\" value \"%s\" atom \"%.4s\" %d %"PRId64"\n", av_dlog(c->fc, "tag \"%s\" value \"%s\" atom \"%.4s\" %d %"PRId64"\n",
key, str, (char*)&atom.type, str_size, atom.size); key, str, (char*)&atom.type, str_size_alloc, atom.size);
av_freep(&str);
return 0; return 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment