avcodec/movtextenc: Ignore unmatched closing style tags

The existing code will segfault if a closing tag shows up when there was never an opening tag. This isn't a well formed style, but it's also not a reason to crash. Fixes: https://trac.ffmpeg.org/ticket/6303

avcodec/movtextenc: Ignore unmatched closing style tags
The existing code will segfault if a closing tag shows up when there was never an opening tag. This isn't a well formed style, but it's also not a reason to crash. Fixes: https://trac.ffmpeg.org/ticket/6303
f95c81ce · Philip Langdale · 6ba1c9bf · f95c81ce
Commit f95c81ce authored Apr 23, 2017 by Philip Langdale
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

movtextenc.c libavcodec/movtextenc.c +6 -0

No files found.
--- a/libavcodec/movtextenc.c
+++ b/libavcodec/movtextenc.c
@@ -57,6 +57,8 @@ typedef struct {
 } HilightcolorBox;
 typedef struct {
+    AVCodecContext *avctx;
    ASSSplitContext *ass_ctx;
    AVBPrint buffer;
    StyleBox **style_attributes;
@@ -187,6 +189,7 @@ static av_cold int mov_text_encode_init(AVCodecContext *avctx)
    };
    MovTextContext *s = avctx->priv_data;
+    s->avctx = avctx;
    avctx->extradata_size = sizeof text_sample_entry;
    avctx->extradata = av_mallocz(avctx->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -247,6 +250,9 @@ static void mov_text_style_cb(void *priv, const char style, int close)
            s->style_attributes_temp->style_flag |= STYLE_FLAG_UNDERLINE;
            break;
        }
+    } else if (!s->style_attributes_temp) {
+        av_log(s->avctx, AV_LOG_WARNING, "Ignoring unmatched close tag\n");
+        return;
    } else {
        s->style_attributes_temp->style_end = AV_RB16(&s->text_pos);
        av_dynarray_add(&s->style_attributes, &s->count, s->style_attributes_temp);