Browse code
avformat/aviobuf: Fix end check in put_str16()
Fixes out of array read
Fixes: 03c406ec9530e594a074ce2979f8a1f0/asan_heap-oob_7dec26_4664_37c52495b2870a2eaac65f53958e76c1.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 115fb6d03ef6310732b42258d8c3cd1839cfb74b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2016/01/13 10:31:59Showing 1 changed files
| ... | ... |
@@ -360,6 +360,8 @@ static inline int put_str16(AVIOContext *s, const char *str, const int be) |
| 360 | 360 |
invalid: |
| 361 | 361 |
av_log(s, AV_LOG_ERROR, "Invaid UTF8 sequence in avio_put_str16%s\n", be ? "be" : "le"); |
| 362 | 362 |
err = AVERROR(EINVAL); |
| 363 |
+ if (!*(q-1)) |
|
| 364 |
+ break; |
|
| 363 | 365 |
} |
| 364 | 366 |
if (be) |
| 365 | 367 |
avio_wb16(s, 0); |