Re: [FFmpeg-devel] [PATCH 204/217] avcodec/ass_split: Don't presume strlen to be >= 2

2021-04-02 Thread Andreas Rheinhardt 
On Wed, Dec 2, 2020 at 5:24 AM Andreas Rheinhardt <
andreas.rheinha...@gmail.com> wrote:

> Fixes potential heap-buffer-overflow.
>
> Signed-off-by: Andreas Rheinhardt 
> ---
>  libavcodec/ass_split.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
> index c2c388d9f0..189272bbd9 100644
> --- a/libavcodec/ass_split.c
> +++ b/libavcodec/ass_split.c
> @@ -376,7 +376,7 @@ ASSSplitContext *ff_ass_split(const char *buf)
>  ASSSplitContext *ctx = av_mallocz(sizeof(*ctx));
>  if (!ctx)
>  return NULL;
> -if (buf && !memcmp(buf, "\xef\xbb\xbf", 3)) // Skip UTF-8 BOM header
> +if (buf && !strncmp(buf, "\xef\xbb\xbf", 3)) // Skip UTF-8 BOM header
>  buf += 3;
>  ctx->current_section = -1;
>  if (ass_split(ctx, buf) < 0) {
> --
> 2.25.1
>
>
Will apply.

- Andreas
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 204/217] avcodec/ass_split: Don't presume strlen to be >= 2

2020-12-01 Thread Andreas Rheinhardt 
Fixes potential heap-buffer-overflow.

Signed-off-by: Andreas Rheinhardt 
---
 libavcodec/ass_split.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
index c2c388d9f0..189272bbd9 100644
--- a/libavcodec/ass_split.c
+++ b/libavcodec/ass_split.c
@@ -376,7 +376,7 @@ ASSSplitContext *ff_ass_split(const char *buf)
 ASSSplitContext *ctx = av_mallocz(sizeof(*ctx));
 if (!ctx)
 return NULL;
-if (buf && !memcmp(buf, "\xef\xbb\xbf", 3)) // Skip UTF-8 BOM header
+if (buf && !strncmp(buf, "\xef\xbb\xbf", 3)) // Skip UTF-8 BOM header
 buf += 3;
 ctx->current_section = -1;
 if (ass_split(ctx, buf) < 0) {
-- 
2.25.1

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".