From 7b65202e4711899680992b723c3c327bc2fd2983 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Sat, 20 Oct 2012 20:50:40 +0200
Subject: osd_libass: fix stupid dangling pointer crash

append_utf8_buffer() reallocates the buffer passed to it, and returns
the new pointer.

This bug was originally introduced in mplayer2 when that project merged
mpv's osd_libass.c. That merge changed some minor things, including ASS
escape handling. When mpv used this better method of escape handling too
(commit 0ff7dd992fb0), the bug was duplicated.
---
 sub/osd_libass.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sub')

diff --git a/sub/osd_libass.c b/sub/osd_libass.c
index de9f31b2cb..612bef2c56 100644
--- a/sub/osd_libass.c
+++ b/sub/osd_libass.c
@@ -246,7 +246,7 @@ static char *mangle_ass(const char *in)
         res = talloc_strndup_append_buffer(res, in, 1);
         // Break ASS escapes with U+2060 WORD JOINER
         if (*in == '\\')
-            append_utf8_buffer(res, 0x2060);
+            res = append_utf8_buffer(res, 0x2060);
         in++;
     }
     return res;
-- 
cgit v1.2.3