[FFmpeg-devel] [PATCH] Fix memory corruption in srt_to_ass (subtitle decoder)

Alexandre Colucci alexandre at elgato.com
Thu Mar 24 17:17:56 CET 2011


The function srt_to_ass uses sscanf() with the conversion '%128[]' to parse srt data. The conversion '%128[]' requires a buffer that (in sscanf man page):
"must be a pointer to char, and there must be enough room for all the characters in the string, plus a terminating NUL character."

Currently the buffer can only contain 128 characters but the sscanf call requires 128 + 1 (NUL character) = 129 characters.
This sscanf call led in some cases to a memory corruption and can cause a crash. The proposed patch consists of increasing the size of the buffer.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: submission.diff
Type: application/octet-stream
Size: 517 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110324/e7506e97/attachment.obj>

More information about the ffmpeg-devel mailing list