Hi! I believe attached patch fixes an out-of-bound-read in mov_read_mac_string() if p<end is false and if the read character is < 0x80, see bug 989.
Please comment, Carl Eugen
From 6c69f755e1c4f22d1efb36777631c98a4d20ffef Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos <[email protected]> Date: Mon, 14 Nov 2016 14:52:58 +0100 Subject: [PATCH] lavf/mov: Fix an out-of-bound-read in mov_read_mac_string(). --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 8d6cc12..21556be 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -160,7 +160,7 @@ static int mov_read_mac_string(MOVContext *c, AVIOContext *pb, int len, uint8_t t, c = avio_r8(pb); if (c < 0x80 && p < end) *p++ = c; - else if (p < end) + else if (c >= 0x80 && p < end) PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;); } *p = 0; -- 1.7.10.4
_______________________________________________ ffmpeg-devel mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
