author | low-batt <86170219+low-batt@users.noreply.github.com> | 2023-04-24 21:56:38 -0400 |
---|---|---|
committer | Dudemanguy <random342@airmail.cc> | 2023-04-29 01:37:41 +0000 |
commit | 6d208d38d24a423b85eb814c3c5cdff8d9327bb4 (patch) | |
tree | 32109c5a3b81f0f966effc231ad826ba6c6f2dc2 | |
parent | e928bd5fdb4e2a7cac3e55c4a2056c0cb4a76d9c (diff) | |
download | mpv-6d208d38d24a423b85eb814c3c5cdff8d9327bb4.tar.bz2 mpv-6d208d38d24a423b85eb814c3c5cdff8d9327bb4.tar.xz |
charset_conv: fix memory corruption in mp_iconv_to_utf8
If mp_iconv_to_utf8 was given an empty string to convert in the buf
parameter it would corrupt memory when writing a null into outbuf
before returning it to the caller. This happened when streaming from a
URL that ends in a slash. For such a URL the method mp_basename returns
an empty string. The method append_dir_subtitles passes the result
returned from mp_basename to mp_iconv_to_utf8 which then corrupts
memory. This was detected using Guard Malloc. The fix changes
mp_iconv_to_utf8 to check up front if buf is empty and, if it is, return
buf as the result in compliance with the documented behavior of the
method when no conversion is needed.
Fixes #11626
-rw-r--r-- | misc/charset_conv.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/misc/charset_conv.c b/misc/charset_conv.c index 51e55c6338..cbd1c70afb 100644 --- a/misc/charset_conv.c +++ b/misc/charset_conv.c @@ -161,6 +161,9 @@ const char *mp_charset_guess(void *talloc_ctx, struct mp_log *log, bstr buf, bstr mp_iconv_to_utf8(struct mp_log *log, bstr buf, const char *cp, int flags) { #if HAVE_ICONV + if (!buf.len) + return buf; + if (!cp || !cp[0] || mp_charset_is_utf8(cp)) return buf; |
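Review bot: The new `if (!buf.len) return buf;` guard at the top of the `#if HAVE_ICONV` block in mp_iconv_to_utf8 carries no comment, so the reason an empty buf must bypass conversion (the terminating null written into outbuf, per the commit message) is not recorded in the code, and the check reads as redundant next to the `!cp || !cp[0] || mp_charset_is_utf8(cp)` test that follows it. Add a one-line comment stating that an empty input must not reach the conversion path, or fold the test into the existing condition as `if (!buf.len || !cp || !cp[0] || mp_charset_is_utf8(cp))` so that all the no-conversion cases return from one place. The guard avoids the bad write only for zero-length input; the write itself is outside this hunk, so it is worth confirming in the rest of the function that the terminator always lands inside the allocated outbuf for non-empty input as well.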