On Thu, 28 Aug 2014 17:39:27 +0200 Stefano Sabatini <stefa...@gmail.com> wrote:
> Fix reopened trac ticket #1163.
> ---
> libavutil/avstring.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/libavutil/avstring.c b/libavutil/avstring.c
> index a63fb84..df27d5e 100644
> --- a/libavutil/avstring.c
> +++ b/libavutil/avstring.c
> @@ -331,7 +331,10 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp,
> const uint8_t *buf_end,
> const uint8_t *p = *bufp;
> uint32_t top;
> uint64_t code;
> - int ret = 0;
> + int ret = 0, tail_len;
> + uint32_t overlong_encoding_mins[6] = {
> + 0x00000000, 0x00000080, 0x00000800, 0x00010000, 0x00200000,
> 0x04000000,
> + };
>
> if (p >= buf_end)
> return 0;
> @@ -346,8 +349,10 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp,
> const uint8_t *buf_end,
> }
> top = (code & 128) >> 1;
>
> + tail_len = 0;
> while (code & top) {
> int tmp;
> + tail_len++;
> if (p >= buf_end) {
> (*bufp) ++;
> return AVERROR(EILSEQ); /* incomplete sequence */
> @@ -364,6 +369,12 @@ int av_utf8_decode(int32_t *codep, const uint8_t **bufp,
> const uint8_t *buf_end,
> }
> code &= (top << 1) - 1;
>
> + /* check for overlong encodings */
> + if (code < overlong_encoding_mins[tail_len]) {
> + ret = AVERROR(EILSEQ);
> + goto end;
> + }
> +
> if (code >= 1<<31) {
> ret = AVERROR(EILSEQ); /* out-of-range value */
> goto end;
Looks ok and simple to me. Is there a guarantee tail_len never becomes larger than 5? Also note that libavcodec/utils.c contains the same check (but less readable) in utf8_check().
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
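Review bot: `overlong_encoding_mins` in the first hunk is declared as a plain automatic array, so it is writable and, unless the compiler folds it away, its six initialisers are set up again on every call to the decoder. It is a fixed lookup table, so `static const uint32_t overlong_encoding_mins[6] = {` would place it in read-only data and make the intent clear. The body of av_utf8_decode starts and ends outside this hunk.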
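Review bot: The comment above the new check in the third hunk names the check but does not say how the table is keyed or why a non-shortest form has to be refused. I would expand it to something like `/* reject non-shortest forms: the table is indexed by the number of continuation bytes read; a value below the minimum for that length has a shorter encoding */`. The reason is worth stating because a caller that validates or filters the raw bytes before decoding would otherwise see a different character than the one the decoder returns. The function continues past the hunk, so what the `end` label does with `*bufp` after this error is not visible here.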