[FFmpeg-devel] [PATCH 1/1] Fixing 3GPP Timed Text (TTXT / tx3g / mov_text) encoding for UTF-8 (ticket 6021)

Erik Bråthen Solem erikbsolem at hotmail.com
Mon Dec 19 00:09:54 EET 2016

Good question. Since text_pos_chars never exceeds the existing 
variable text_pos, I did not think about this.

No, there are no checks. The spec says that "Authors should limit the
string in each text sample to not more than 2048 bytes, for maximum
terminal interoperability", but the code does not enforce this limit
(or the maximum uint16_t value of 65535 for that matter). The likelihood
of exceeding this limit is very small, but it does not hurt to
add a check. In any case text_pos >= text_pos_chars, so it should be
sufficient to check just text_pos. In mov_text_new_line_cb we only
increment by 1, so checking if s->text_pos == 0 after that is enough.
In mov_text_text_cb this check can be used instead, placed before the
length len is added to text_pos:
if (len > UINT16_MAX || (s->text_pos > UINT16_MAX - len)) // Overflow

I am new to the project's source code and do not know how errors and
warnings should be handled, but could it be an idea to print a
warning if text_pos > 2048, and print an error message and abort in
case of overflow? Or should the rest of the text just be truncated?

PS. Please excuse the duplicate patch that was sent an hour or two
ago. It is identical to the one I submitted a couple of days ago and
I have no idea why or how that happened.
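
The two checks proposed in the message above, as a self-contained added example (not code from the post or from FFmpeg). The struct, the function names, the status codes and the choice to restore the counter after a wrap are hypothetical; only the 16-bit text_pos counter, the 2048-byte recommendation and the two conditions come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RECOMMENDED_MAX 2048 /* "not more than 2048 bytes" in the quoted spec text */

enum append_status { APPEND_OVERFLOW = -1, APPEND_OK = 0, APPEND_WARN = 1 };

/* Hypothetical stand-in for the encoder state; only the counter matters here. */
struct text_state {
    uint16_t text_pos; /* bytes accumulated in the current text sample */
};

static enum append_status classify(const struct text_state *s)
{
    return s->text_pos > RECOMMENDED_MAX ? APPEND_WARN : APPEND_OK;
}

/* Text case: test before adding, so the 16-bit counter never wraps. */
enum append_status append_text(struct text_state *s, size_t len)
{
    if (len > UINT16_MAX || s->text_pos > UINT16_MAX - len)
        return APPEND_OVERFLOW; /* counter left untouched */
    s->text_pos = (uint16_t)(s->text_pos + len);
    return classify(s);
}

/* New-line case: the increment is 1, so a result of 0 means it wrapped. */
enum append_status append_newline(struct text_state *s)
{
    s->text_pos++;
    if (s->text_pos == 0) {
        s->text_pos = UINT16_MAX; /* assumption: restore the pre-wrap value */
        return APPEND_OVERFLOW;
    }
    return classify(s);
}

int main(void)
{
    struct text_state s = { UINT16_MAX - 1 }; /* constructed: one byte of room left */
    printf("text len 2: %d\n", append_text(&s, 2));
    printf("newline:    %d\n", append_newline(&s));
    printf("newline:    %d\n", append_newline(&s));
    return 0;
}
```
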
