On 14.11.2016 14:56, Carl Eugen Hoyos wrote:
> I believe attached patch fixes an out-of-bound-read in mov_read_mac_string()
> if p<end is false and if the read character is < 0x80, see bug 989.
>
> Please comment, Carl Eugen

This patch is not necessary, the issue was fixed with commit 437f5daf0. If (p < end) is false, the 'else if (p < end)' branch will not be entered. > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -160,7 +160,7 @@ static int mov_read_mac_string(MOVContext *c, AVIOContext > *pb, int len, > uint8_t t, c = avio_r8(pb); However, reusing the variable name of the MOVContext as uint8_t looks strange. > if (c < 0x80 && p < end) > *p++ = c; > - else if (p < end) > + else if (c >= 0x80 && p < end) > PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;); > } > *p = 0; > -- 1.7.10.4 Best regards, Andreas _______________________________________________ ffmpeg-devel mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
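
Review bot: The `c >= 0x80` test added on the `else if` line is redundant with the visible context. That branch is reached only when `c < 0x80 && p < end` was false, so once `p < end` holds, `c >= 0x80` is already implied and `mac_to_unicode[c-0x80]` cannot be indexed with a negative offset from this path. If the goal is to make that invariant obvious to readers, checking the bound once and then branching on `c` (an outer `if (p < end)` wrapping the `c < 0x80` / else pair) states it more directly than repeating the comparison. Separately, the context line `uint8_t t, c = avio_r8(pb);` declares a local `c` that shadows the `MOVContext *c` parameter shown in the hunk header; renaming the local would remove that ambiguity.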
