ass: fix NULL usage in embedded font parsing

If fontdata hasn't been allocated yet and an empty line occured NULL was passed to memcpy which is always undefined behaviour (and there was pointer arithmetic on NULL which is also UB). Found by AFL++ and UBSAN.
author: Oneric <oneric@oneric.stub> 2022-04-12 19:56:25 +0200
committer: Oneric <oneric@oneric.stub> 2022-04-13 00:54:04 +0200
commit: 351488be47f1764f347a3db4eb5a31e08dad29b7 (patch)
tree: a7ae61f5a2ace244db03c96a25d10950ca3ea93b
parent: 6678a517f8fc839dbe17c0846c5368c4327aef5b (diff)
download: libass-351488be47f1764f347a3db4eb5a31e08dad29b7.tar.bz2
libass-351488be47f1764f347a3db4eb5a31e08dad29b7.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/libass/ass.c b/libass/ass.c
index b9eac1b..991d31b 100644
--- a/libass/ass.c
+++ b/libass/ass.c
@@ -932,6 +932,8 @@ static int process_fonts_line(ASS_Track *track, char *str)
             goto mem_fail;
         track->parser_priv->fontdata_size = new_size;
     }
+    if (!track->parser_priv->fontdata)
+        return 0;
     memcpy(track->parser_priv->fontdata + track->parser_priv->fontdata_used,
            str, len);
     track->parser_priv->fontdata_used += len;
author	Oneric <oneric@oneric.stub>	2022-04-12 19:56:25 +0200
committer	Oneric <oneric@oneric.stub>	2022-04-13 00:54:04 +0200
commit	351488be47f1764f347a3db4eb5a31e08dad29b7 (patch)
tree	a7ae61f5a2ace244db03c96a25d10950ca3ea93b
parent	6678a517f8fc839dbe17c0846c5368c4327aef5b (diff)
download	libass-351488be47f1764f347a3db4eb5a31e08dad29b7.tar.bz2 libass-351488be47f1764f347a3db4eb5a31e08dad29b7.tar.xz