avformat/assdec: make sure pos is initialized

Fixes use of uninitialized memory Fixes: signal_sigsegv_504fb0_10_signal_sigsegv_504fb0_343_mewmew_ssa.avi Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
author: Clément Bœsch <u@pkh.me> 2014-10-04 12:22:37 +0200
committer: Clément Bœsch <u@pkh.me> 2014-10-04 12:27:58 +0200
commit: 138902dfb60fbb87fb65a8c4800f8ac661394b72 (patch)
tree: 07c2c2478e2b914cf7463654866ffbe6db7c31f2 /libavformat/assdec.c
parent: dceebe1a60b148028933cc47a6d92b0738919cfe (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/assdec.c b/libavformat/assdec.c
index ba7bc8b787..87ce2f25ee 100644
--- a/libavformat/assdec.c
+++ b/libavformat/assdec.c
@@ -57,14 +57,14 @@ static int ass_read_close(AVFormatContext *s)
 static int read_dialogue(ASSContext *ass, AVBPrint *dst, const uint8_t *p,
                          int64_t *start, int *duration)
 {
-    int pos;
+    int pos = 0;
     int64_t end;
     int hh1, mm1, ss1, ms1;
     int hh2, mm2, ss2, ms2;
 
     if (sscanf(p, "Dialogue: %*[^,],%d:%d:%d%*c%d,%d:%d:%d%*c%d,%n",
                &hh1, &mm1, &ss1, &ms1,
-               &hh2, &mm2, &ss2, &ms2, &pos) >= 8) {
+               &hh2, &mm2, &ss2, &ms2, &pos) >= 8 && pos > 0) {
 
         /* This is not part of the sscanf itself in order to handle an actual
          * number (which would be the Layer) or the form "Marked=N" (which is
author	Clément Bœsch <u@pkh.me>	2014-10-04 12:22:37 +0200
committer	Clément Bœsch <u@pkh.me>	2014-10-04 12:27:58 +0200
commit	138902dfb60fbb87fb65a8c4800f8ac661394b72 (patch)
tree	07c2c2478e2b914cf7463654866ffbe6db7c31f2 /libavformat/assdec.c
parent	dceebe1a60b148028933cc47a6d92b0738919cfe (diff)