[FFmpeg-devel] [PATCH 1/1] Fixing 3GPP Timed Text (TTXT / tx3g / mov_text) encoding for UTF-8 (ticket 6021)
Michael Niedermayer
michael at niedermayer.cc
Mon Dec 19 13:06:25 EET 2016
On Sun, Dec 18, 2016 at 10:09:54PM +0000, Erik BrĂ¥then Solem wrote:
> Good question. Since text_pos_chars never exceeds the existing
> variable text_pos, I did not think about this.
>
> No, there are no checks. The spec says that "Authors should limit the
> string in each text sample to not more than 2048 bytes, for maximum
> terminal interoperability", but the code does not enforce this limit
> (or the maximum uint16_t value of 65535 for that matter). The likeli-
> hood of exceeding this limit is very small, but it does not hurt to
> add a check. In any case text_pos >= text_pos_chars, so it should be
> sufficient to check just text_pos. In mov_text_new_line_cb we only
> increment by 1, so checking if s->text_pos == 0 after that is enough.
> In mov_text_text_cb this check can be used instead, placed before the
> length len is added to text_pos:
> if (len > UINT16_MAX || (s->text_pos > UINT16_MAX - len)) // Overflow
>
> I am new to the project's source code and do not know how errors and
> warnings should be handled, but could it be an idea to print a
> warning if text_pos > 2048, and print an error message and abort in
> case of overflow? Or should the rest of the text just be truncated?
i dont know about the 2048 case, but yes at the point were it
would overflow error and returning an error (with cleanup if needed)
is what we normally do. (something else would make sense if it occurs
in real world files and isnt just an error/damagd unsalvagable blob)
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If you drop bombs on a foreign country and kill a hundred thousand
innocent people, expect your government to call the consequence
"unprovoked inhuman terrorist attacks" and use it to justify dropping
more bombs and killing more people. The technology changed, the idea is old.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161219/78692be2/attachment.sig>
More information about the ffmpeg-devel
mailing list