authorDudemanguy <random342@airmail.cc>2024-01-12 20:03:50 -0600
committerDudemanguy <random342@airmail.cc>2024-01-12 20:45:40 -0600
commite15b2b19a3548c8c210d86a77b52d495494a1e20 (patch)
tree39baaf161a7bbec3bce06323da2a74b7d573e22a /sub/filter_sdh.c
parent431b420dd6a3e8dc14a3792824a25b5599bfeef2 (diff)
filter_sdh: sanitize get_char_bytes heuristic to avoid overflow
There's a simple check in filter_sdh that gets the bytes of the first character in a string in order to do pointer arithmetic to filter the string. The problem is that it is possible for the number of bytes to be greater than the actual length of the string for certain unicode characters. This can't be worked with, so enforce the strlen as the absolute minimum here to avoid overflow situations. Fixes #13237.
Diffstat (limited to 'sub/filter_sdh.c')
-rw-r--r--sub/filter_sdh.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/sub/filter_sdh.c b/sub/filter_sdh.c
index da5337d850..0a1d36749e 100644
--- a/sub/filter_sdh.c
+++ b/sub/filter_sdh.c
@@ -72,13 +72,13 @@ static int get_char_bytes(char *str)
// using anything else anyway.
if (str && str[0]) {
if (!(str[0] >> 7 & 1)) {
- return 1;
+ return MPMIN(strlen(str), 1);
} else if (!(str[0] >> 5 & 1)) {
- return 2;
+ return MPMIN(strlen(str), 2);
} else if (!(str[0] >> 4 & 1)) {
- return 3;
+ return MPMIN(strlen(str), 3);
} else if (!(str[0] >> 3 & 1)) {
- return 4;
+ return MPMIN(strlen(str), 4);
}
}
return 0;
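Review bot: Each of the four new `return MPMIN(strlen(str), N);` lines scans the whole remaining string on every call, although only the first four bytes can affect the result, and in the first branch the clamp is a no-op because `str[0]` is already known to be non-zero. Computing the bound once before the branch chain, e.g. `size_t avail = strnlen(str, 4);` and then `return MPMIN(avail, N);`, keeps the over-read protection with constant work per call, assuming strnlen is available on every target this file builds for. The comment above the chain should also state that the result can be smaller than the length the lead byte announces when the sequence is cut off by the terminator, so callers that advance a pointer by this value do not assume a complete character. get_char_bytes begins above the hunk and its closing brace lies outside it, so how callers treat the 0 return is not visible here.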