[FFmpeg-cvslog] lavf/mov.c: Allocate buffer in case of long metadata entries.

Mon, 20 Oct 2014 10:33:19 -0700 

ffmpeg | branch: master | Thilo Borgmann <thilo.borgm...@mail.de> | Mon Oct 20 
13:42:28 2014 +0200| [f31445a82d6acd0b8fab5a26c04e91645f4854d8] | committer: 
Michael Niedermayer

lavf/mov.c: Allocate buffer in case of long metadata entries.

Fixes ticket #4018

Signed-off-by: Michael Niedermayer <michae...@gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f31445a82d6acd0b8fab5a26c04e91645f4854d8
---

 libavformat/mov.c |   18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 13ba907..a7ec910 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -262,10 +262,11 @@ static int mov_read_udta_string(MOVContext *c, 
AVIOContext *pb, MOVAtom atom)
 #ifdef MOV_EXPORT_ALL_METADATA
     char tmp_key[5];
 #endif
-    char str[1024], key2[16], language[4] = {0};
+    char key2[16], language[4] = {0};
+    char *str = NULL;
     const char *key = NULL;
     uint16_t langcode = 0;
-    uint32_t data_type = 0, str_size;
+    uint32_t data_type = 0, str_size, str_size_alloc;
     int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
 
     switch (atom.type) {
@@ -354,18 +355,21 @@ static int mov_read_udta_string(MOVContext *c, 
AVIOContext *pb, MOVAtom atom)
     }
 #endif
 
+    str_size_alloc = str_size << 1; // worst-case requirement for output 
string in case of utf8 coded input
+    str = av_malloc(str_size_alloc);
+    if (!str)
+        return AVERROR(ENOMEM);
+
     if (!key)
         return 0;
     if (atom.size < 0)
         return AVERROR_INVALIDDATA;
 
-    str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);
-
     if (parse)
         parse(c, pb, str_size, key);
     else {
         if (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode 
== 0x7fff))) { // MAC Encoded
-            mov_read_mac_string(c, pb, str_size, str, sizeof(str));
+            mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
         } else {
             int ret = avio_read(pb, str, str_size);
             if (ret != str_size)
@@ -381,7 +385,9 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
     }
     av_dlog(c->fc, "lang \"%3s\" ", language);
     av_dlog(c->fc, "tag \"%s\" value \"%s\" atom \"%.4s\" %d %"PRId64"\n",
-            key, str, (char*)&atom.type, str_size, atom.size);
+            key, str, (char*)&atom.type, str_size_alloc, atom.size);
+
+    av_freep(&str);
 
     return 0;
 }

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

Reply via email to