[FFmpeg-devel] [PATCH] Fix memory corruption in srt_to_ass (subtitle decoder)

Alexandre Colucci alexandre at elgato.com
Thu Mar 24 17:17:56 CET 2011


Hi,

The function srt_to_ass uses sscanf() with the conversion '%128[]' to parse srt data. The conversion '%128[]' requires a buffer that (in sscanf man page):
"must be a pointer to char, and there must be enough room for all the characters in the string, plus a terminating NUL character."

Currently the buffer can only contain 128 characters but the sscanf call requires 128 + 1 (NUL character) = 129 characters.
This sscanf call led in some cases to a memory corruption and can cause a crash. The proposed patch consists of increasing the size of the buffer.

Alexandre


-------------- next part --------------
A non-text attachment was scrubbed...
Name: submission.diff
Type: application/octet-stream
Size: 517 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110324/e7506e97/attachment.obj>
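
An added illustration of the off-by-one described in the message above (not part of the original post and not FFmpeg's code): it measures how many bytes `sscanf()` stores for a `%128[...]` conversion by scanning into a canary-filled region that is larger than 128 bytes. The scanset `[^\n]`, the function name `scan_footprint`, and the input line are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_WIDTH 128   /* the width in "%128[...]" */
#define CANARY      0x5A  /* fill byte used to spot what sscanf() touched */

/* Scan a constructed line of input_len 'a' characters with "%128[^\n]" into
 * a region deliberately larger than 128 bytes, and return how many bytes
 * sscanf() wrote: the stored characters plus the terminating NUL. */
static size_t scan_footprint(size_t input_len)
{
    char line[512];
    unsigned char region[FIELD_WIDTH + 8];
    size_t i, written = 0;

    if (input_len >= sizeof(line))
        return 0;
    memset(line, 'a', input_len);
    line[input_len] = '\0';

    memset(region, CANARY, sizeof(region));
    if (sscanf(line, "%128[^\n]", (char *)region) != 1)
        return 0;

    /* The NUL is the last byte written, so the highest index that no
     * longer holds the canary marks the end of the write. */
    for (i = 0; i < sizeof(region); i++)
        if (region[i] != CANARY)
            written = i + 1;
    return written;
}

int main(void)
{
    size_t n = scan_footprint(200);   /* input longer than the width */

    printf("bytes written by %%128[^\\n]: %zu\n", n);
    printf("fits char[128]: %s\n", n <= 128 ? "yes" : "no, overruns by one");
    printf("fits char[129]: %s\n", n <= 129 ? "yes" : "no");
    return 0;
}
```

Any input of 128 characters or more produces a 129-byte write, so the destination has to be declared with the conversion width plus one.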

