[FFmpeg-cvslog] ass_split: fix out of array access in ass_split()

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Jan 11 02:51:27 2013 +0100| [8b47058c61af83c28231b860d46ee754ed7a9310] | committer: Michael Niedermayer

ass_split: fix out of array access in ass_split()

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b47058c61af83c28231b860d46ee754ed7a9310
---

 libavcodec/ass_split.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
index 62c8db9..413e9c8 100644
--- a/libavcodec/ass_split.c
+++ b/libavcodec/ass_split.c
@@ -285,14 +285,17 @@ static int ass_split(ASSSplitContext *ctx, const char *buf)
 
     while (buf && *buf) {
         if (sscanf(buf, "[%15[0-9A-Za-z+ ]]%c", section, &c) == 2) {
-            buf += strcspn(buf, "\n") + 1;
+            buf += strcspn(buf, "\n");
+            buf += !!*buf;
             for (i=0; i<FF_ARRAY_ELEMS(ass_sections); i++)
                 if (!strcmp(section, ass_sections[i].section)) {
                     ctx->current_section = i;
                     buf = ass_split_section(ctx, buf);
                 }
-        } else
-            buf += strcspn(buf, "\n") + 1;
+        } else {
+            buf += strcspn(buf, "\n");
+            buf += !!*buf;
+        }
     }
     return buf ? 0 : AVERROR_INVALIDDATA;
 }