From 6f4364aba9d70dc5fd9f1c88b9c03bf9ea893d40 Mon Sep 17 00:00:00 2001 From: Martin Storsjö Date: Mon, 15 Dec 2014 12:09:10 +0200 Subject: mov: Fix handling of zero-length metadata values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since 3cec81f4d4, a zero-length metadata value would try to allocate 2*0 bytes, where av_malloc() returns NULL. Always add one to the allocated length, to allow space for a null terminator in the zero-length case. Incidentally, this fixes fate-alac on RVCT 4.0, where a compiler bug seems to mess up the mov muxer to the point that it writes the wrong sort of metadata. Previously this bug was undetected, but since 3cec81f4d4 such mov files started returning AVERROR(ENOMEM) in the mov demuxer. Signed-off-by: Martin Storsjö --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libavformat/mov.c') diff --git a/libavformat/mov.c b/libavformat/mov.c index a64ff4fa19..4590a2de74 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -383,7 +383,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) return AVERROR_INVALIDDATA; // allocate twice as much as worst-case - str_size_alloc = raw ? str_size + 1 : str_size * 2; + str_size_alloc = (raw ? str_size : str_size * 2) + 1; str = av_malloc(str_size_alloc); if (!str) return AVERROR(ENOMEM); -- cgit v1.2.3