From c01935986c68288ae5ad82e68cac0744740d8a0a Mon Sep 17 00:00:00 2001 From: wm4 Date: Sat, 19 Dec 2015 21:21:36 +0100 Subject: lavc_conv: fix invalid write Well shit. Restructure it such that the returned list is always NULL- terminated with the same mechanism. --- sub/lavc_conv.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'sub') diff --git a/sub/lavc_conv.c b/sub/lavc_conv.c index 21e54c04a7..7e2ed4ef25 100644 --- a/sub/lavc_conv.c +++ b/sub/lavc_conv.c @@ -232,9 +232,9 @@ char **lavc_conv_decode(struct lavc_conv *priv, struct demux_packet *packet) AVPacket pkt; AVPacket parsed_pkt = {0}; int ret, got_sub; + int num_cur = 0; avsubtitle_free(&priv->cur); - priv->cur_list[0] = NULL; mp_set_av_packet(&pkt, packet, &avctx->time_base); @@ -250,7 +250,6 @@ char **lavc_conv_decode(struct lavc_conv *priv, struct demux_packet *packet) if (ret < 0) { MP_ERR(priv, "Error decoding subtitle\n"); } else if (got_sub) { - int num_cur = 0; for (int i = 0; i < priv->cur.num_rects; i++) { if (priv->cur.rects[i]->w > 0 && priv->cur.rects[i]->h > 0) MP_WARN(priv, "Ignoring bitmap subtitle.\n"); @@ -259,11 +258,11 @@ char **lavc_conv_decode(struct lavc_conv *priv, struct demux_packet *packet) continue; MP_TARRAY_APPEND(priv, priv->cur_list, num_cur, ass_line); } - MP_TARRAY_APPEND(priv, priv->cur_list, num_cur, NULL); } done: av_packet_unref(&parsed_pkt); + MP_TARRAY_APPEND(priv, priv->cur_list, num_cur, NULL); return priv->cur_list; } -- cgit v1.2.3