author | wm4 <wm4@nowhere> | 2013-06-22 19:36:42 +0200 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2013-06-23 03:09:46 +0200 |
commit | 05cd0bca812be7c275896d852c99df9a3a33096b (patch) | |
tree | 5ada25dcfb6732abab304822a533d792f6394978 | |
parent | 572b9fd3ee04ebdb3b6dc5e6e34e31cdb56c157a (diff) | |
Don't mutate input buffer for ass_read_memory()
Fixes google code issue #88.
process_text() garbles the memory as the text is parsed.
This also fixes that the user provided buffer implicitly had to
be null terminated. This wasn't obvious, because the caller
passes in the buffer length. libass ignored the buffer length
(unless a codepage was provided and iconv was enabled), and
happily read past the end of the buffer.
It would be much nicer if the parsing code would be fixed,
instead of just copying the input buffer. Maybe one day.
-rw-r--r-- | libass/ass.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/libass/ass.c b/libass/ass.c
index 6505892..ad37606 100644
--- a/libass/ass.c
+++ b/libass/ass.c
@@ -1117,7 +1117,7 @@ ASS_Track *ass_read_memory(ASS_Library *library, char *buf,
 size_t bufsize, char *codepage)
 {
 ASS_Track *track;
- int need_free = 0;
+ int copied = 0;
 if (!buf)
 return 0;
@@ -1128,12 +1128,19 @@ ASS_Track *ass_read_memory(ASS_Library *library, char *buf,
 if (!buf)
 return 0;
 else
- need_free = 1;
+ copied = 1;
 }
 #endif
+ if (!copied) {
+ char *newbuf = malloc(bufsize + 1);
+ if (!newbuf)
+ return 0;
+ memcpy(newbuf, buf, bufsize);
+ newbuf[bufsize] = '\0';
+ buf = newbuf;
+ }
 track = parse_memory(library, buf);
- if (need_free)
- free(buf);
+ free(buf);
 if (!track)
 return 0; |