[xiph-commits] r15377 - in trunk/ffmpeg2theora: . src
j at svn.xiph.org
j at svn.xiph.org
Mon Oct 6 02:38:55 PDT 2008
Author: j
Date: 2008-10-06 02:38:55 -0700 (Mon, 06 Oct 2008)
New Revision: 15377
Modified:
trunk/ffmpeg2theora/
trunk/ffmpeg2theora/src/subtitles.c
Log:
fix buffer overflow - It'd happen for long buffers in non UTF-8 encodings where the UTF-8
encoding would be longer. Wouldn't happen with "normal" use, but a crafted file could trigger it.
patch by ogg.k.ogg.k
Property changes on: trunk/ffmpeg2theora
___________________________________________________________________
Name: bzr:revision-info
- timestamp: 2008-10-03 17:39:11.273999929 +0200
committer: j
properties:
branch-nick: ffmpeg2theora
+ timestamp: 2008-10-06 11:29:29.834000111 +0200
committer: j
properties:
branch-nick: ffmpeg2theora
Name: bzr:file-ids
- get_libkate.sh 14612 at 0101bb08-14d6-0310-b084-bc0e0c8e3800:trunk%2Fffmpeg2theora:get_libkate.sh
+ src/subtitles.c subtitles.c-20080523092315-berdpbqhudpfrkh7-1
Name: bzr:revision-id:v3-single1-dHJ1bmsvZmZtcGVnMnRoZW9yYQ..
- 191 j-20080517230830-he5x8v2m8yrfiw35
192 j-20080518224037-pkmoctzf4qce7tog
193 j-20080518224409-6hbfp3k2ssn6egqa
194 j-20080520111939-dhi52qwbqe7a47cu
195 j-20080523092252-gj9k9db0s67vl7dw
196 j-20080523092420-l0850yrq1qkgz9t0
197 j-20080523093057-l5g0ezzy5geu0pey
198 j-20080523094343-kcno1dm2e1lr38q4
199 j-20080523163006-kjl6ewea5sxawmq2
200 j-20080523165904-l2vm52qae0hlqkhp
201 j-20080523175432-2ed953iktnl8c7cr
202 j-20080525100939-7oja8pk08v9fquiw
203 j-20080526111321-nhzaqh6ivzn0vs7b
204 j-20080527100851-2v5eyxxrq1riqi50
205 j-20080527101341-9ynbgth2b15jw792
206 j-20080527205556-19tffvfrxgt3khld
207 j-20080527205840-zeestdde3v1zks9k
208 j-20080527210129-e73y56uwmzbcid00
209 j-20080527211813-5ll680ed1q4byp16
210 j-20080528102006-aeippim0tn70mz3f
211 j-20080528104907-40kiidjojvta8j61
212 j-20080528111329-vkqbt7xkat2o9h4z
213 j-20080529102940-q9xdwm5v9espzomv
214 j-20080529111405-nmh99aon1kmh22qm
215 j-20080530094948-ncq064s4uggd9z95
216 j-20080530095056-hko2vjfwipikwjyu
217 j-20080530171822-bab8sy8lpotf8081
218 j-20080603170442-v0pxspvfcucvsaex
219 j-20080617110355-xwbeg1xidmv8fubp
220 j-20080617110518-khqlhaan52kz3lii
221 j-20080723194934-63m20dc3zmkhwj4o
222 j-20080724140108-ntgbrk6913nvtk4b
223 j-20080802221321-3fcp0s6rehryx0n5
224 j-20080802221340-0s6mh8llk6nyon5d
225 j-20080901112127-tyeax385hwukjt13
226 j-20080915075112-fg3yc8radbplosnc
227 j-20080921103515-w89p8jqwt3oq5u20
228 j-20080921103703-prnl3ls2f6u4g177
229 j-20080921104137-otk3xx827h5cofwl
230 j-20080921104242-dswny7jm93stokej
231 j-20081001102101-rl2rf1x9u8e5zrqk
232 j-20081001103246-0uwni13nt5b2mqyw
233 j-20081001104039-68e6rbv58e743plv
234 j-20081001111423-31lxb69fs7023eqi
235 j-20081001112345-eo9e3eheszd68pkb
236 j-20081002180939-vwdafec5iu2ihyq6
237 j-20081003143408-49wdpdkvhnf719rq
238 j-20081003153911-nh2fzqikxgbm7tuk
+ 191 j-20080517230830-he5x8v2m8yrfiw35
192 j-20080518224037-pkmoctzf4qce7tog
193 j-20080518224409-6hbfp3k2ssn6egqa
194 j-20080520111939-dhi52qwbqe7a47cu
195 j-20080523092252-gj9k9db0s67vl7dw
196 j-20080523092420-l0850yrq1qkgz9t0
197 j-20080523093057-l5g0ezzy5geu0pey
198 j-20080523094343-kcno1dm2e1lr38q4
199 j-20080523163006-kjl6ewea5sxawmq2
200 j-20080523165904-l2vm52qae0hlqkhp
201 j-20080523175432-2ed953iktnl8c7cr
202 j-20080525100939-7oja8pk08v9fquiw
203 j-20080526111321-nhzaqh6ivzn0vs7b
204 j-20080527100851-2v5eyxxrq1riqi50
205 j-20080527101341-9ynbgth2b15jw792
206 j-20080527205556-19tffvfrxgt3khld
207 j-20080527205840-zeestdde3v1zks9k
208 j-20080527210129-e73y56uwmzbcid00
209 j-20080527211813-5ll680ed1q4byp16
210 j-20080528102006-aeippim0tn70mz3f
211 j-20080528104907-40kiidjojvta8j61
212 j-20080528111329-vkqbt7xkat2o9h4z
213 j-20080529102940-q9xdwm5v9espzomv
214 j-20080529111405-nmh99aon1kmh22qm
215 j-20080530094948-ncq064s4uggd9z95
216 j-20080530095056-hko2vjfwipikwjyu
217 j-20080530171822-bab8sy8lpotf8081
218 j-20080603170442-v0pxspvfcucvsaex
219 j-20080617110355-xwbeg1xidmv8fubp
220 j-20080617110518-khqlhaan52kz3lii
221 j-20080723194934-63m20dc3zmkhwj4o
222 j-20080724140108-ntgbrk6913nvtk4b
223 j-20080802221321-3fcp0s6rehryx0n5
224 j-20080802221340-0s6mh8llk6nyon5d
225 j-20080901112127-tyeax385hwukjt13
226 j-20080915075112-fg3yc8radbplosnc
227 j-20080921103515-w89p8jqwt3oq5u20
228 j-20080921103703-prnl3ls2f6u4g177
229 j-20080921104137-otk3xx827h5cofwl
230 j-20080921104242-dswny7jm93stokej
231 j-20081001102101-rl2rf1x9u8e5zrqk
232 j-20081001103246-0uwni13nt5b2mqyw
233 j-20081001104039-68e6rbv58e743plv
234 j-20081001111423-31lxb69fs7023eqi
235 j-20081001112345-eo9e3eheszd68pkb
236 j-20081002180939-vwdafec5iu2ihyq6
237 j-20081003143408-49wdpdkvhnf719rq
238 j-20081003153911-nh2fzqikxgbm7tuk
239 j-20081006092929-7kh3399r2tkat0x8
Modified: trunk/ffmpeg2theora/src/subtitles.c
===================================================================
--- trunk/ffmpeg2theora/src/subtitles.c 2008-10-05 05:04:01 UTC (rev 15376)
+++ trunk/ffmpeg2theora/src/subtitles.c 2008-10-06 09:38:55 UTC (rev 15377)
@@ -131,13 +131,14 @@
}
/* very simple implementation when no iconv */
-static void convert_subtitle_to_utf8(F2T_ENCODING encoding,char *text,int ignore_non_utf8)
+static char *convert_subtitle_to_utf8(F2T_ENCODING encoding,char *text,int ignore_non_utf8)
{
size_t nbytes;
- char *ptr,*newtext;
+ char *ptr;
+ char *newtext = NULL;
int errors=0;
- if (!text || !*text) return;
+ if (!text) return NULL;
switch (encoding) {
case ENC_UNSET:
@@ -154,7 +155,7 @@
newtext=(char*)malloc(nbytes);
if (!newtext) {
fprintf(stderr, "WARNING - Memory allocation failed - cannot convert text\n");
- return;
+ return NULL;
}
ptr = text;
wptr = newtext;
@@ -167,7 +168,7 @@
if (ret<0) {
fprintf(stderr, "WARNING - failed to filter utf8 text: %s\n", text);
free(newtext);
- return;
+ return NULL;
}
if (ret==0) break;
}
@@ -182,9 +183,6 @@
if (errors) {
fprintf(stderr, "WARNING - Found non utf8 character(s) in string %s, scrubbed out\n", text);
}
-
- strcpy(text,newtext);
- free(newtext);
}
break;
case ENC_ISO_8859_1:
@@ -198,7 +196,7 @@
newtext=(char*)malloc(1+nbytes);
if (!newtext) {
fprintf(stderr, "WARNING - Memory allocation failed - cannot convert text\n");
- return;
+ return NULL;
}
nbytes=0;
for (ptr=text;*ptr;++ptr) {
@@ -211,13 +209,13 @@
}
}
newtext[nbytes++]=0;
- memcpy(text,newtext,nbytes);
- free(newtext);
break;
default:
fprintf(stderr, "ERROR: encoding %d not handled in conversion!\n", encoding);
+ newtext = strdup("");
break;
}
+ return newtext;
}
static void remove_last_newline(char *text)
@@ -247,6 +245,7 @@
FILE *f;
size_t len;
unsigned int line=0;
+ char *utf8;
this->subtitles = NULL;
@@ -312,19 +311,27 @@
remove_last_newline(text);
/* we want all text to be UTF8 */
- convert_subtitle_to_utf8(this->subtitles_encoding,text,ignore_non_utf8);
- len = strlen(text);
+ utf8=convert_subtitle_to_utf8(this->subtitles_encoding,text,ignore_non_utf8);
+ if (!utf8) {
+ fclose(f);
+ free(this->subtitles);
+ return -1;
+ break;
+ }
+
+ len = strlen(utf8);
this->subtitles = (ff2theora_subtitle*)realloc(this->subtitles, (this->num_subtitles+1)*sizeof(ff2theora_subtitle));
if (!this->subtitles) {
+ free(utf8);
fprintf(stderr, "Out of memory\n");
fclose(f);
free(this->subtitles);
return -1;
}
- ret=kate_text_validate(kate_utf8,text,len+1);
+ ret=kate_text_validate(kate_utf8,utf8,len+1);
if (ret<0) {
if (!warned) {
- fprintf(stderr,"WARNING - %s:%u: subtitle %s is not valid utf-8\n",this->filename,line,text);
+ fprintf(stderr,"WARNING - %s:%u: subtitle %s is not valid utf-8\n",this->filename,line,utf8);
fprintf(stderr," further invalid subtitles will NOT be flagged\n");
warned=1;
}
@@ -332,10 +339,9 @@
else {
/* kill off trailing \n characters */
while (len>0) {
- if (text[len-1]=='\n') text[--len]=0; else break;
+ if (utf8[len-1]=='\n') utf8[--len]=0; else break;
}
- this->subtitles[this->num_subtitles].text = (char*)malloc(len+1);
- memcpy(this->subtitles[this->num_subtitles].text, text, len+1);
+ this->subtitles[this->num_subtitles].text = utf8;
this->subtitles[this->num_subtitles].len = len;
this->subtitles[this->num_subtitles].t0 = t0;
this->subtitles[this->num_subtitles].t1 = t1;
More information about the commits
mailing list