avformat/aviobuf: Fix end check in put_str16()
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 13 Jan 2016 01:31:59 +0000 (02:31 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Fri, 15 Jan 2016 16:39:04 +0000 (17:39 +0100)
Fixes out of array read
Fixes: 03c406ec9530e594a074ce2979f8a1f0/asan_heap-oob_7dec26_4664_37c52495b2870a2eaac65f53958e76c1.flac

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 115fb6d03ef6310732b42258d8c3cd1839cfb74b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/aviobuf.c

index 4ce18e4..20621ba 100644 (file)
@@ -358,6 +358,8 @@ int avio_put_str16le(AVIOContext *s, const char *str)
 invalid:
         av_log(s, AV_LOG_ERROR, "Invaid UTF8 sequence in avio_put_str16le\n");
         err = AVERROR(EINVAL);
+        if (!*(q-1))
+            break;
     }
     avio_wl16(s, 0);
     if (err)