mirror/mpv
0
0
Fork 0
mirror of https://github.com/mpv-player/mpv.git synced 2024-09-20 12:02:23 +02:00
Code

filter_sdh: sanitize get_char_bytes heuristic to avoid overflow

Browse Source 
There's a simple check in filter_sdh that gets the bytes of the first
character in a string in order to do pointer arthimetic to filter the
string. The problem is that it is possible for the amount of bytes to be
greater than the actual length of the string for certain unicode
characters. This can't be worked with so enforce the strlen as the
absolute minimum here to avoid overflow situations.

Fixes #13237.
This commit is contained in:
Dudemanguy 2024-01-12 20:03:50 -06:00
parent 431b420dd6
commit e15b2b19a3
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sub/filter_sdh.c
View File

@ -72,13 +72,13 @@ static int get_char_bytes(char *str)
// using anything else anyway.
if (str && str[0]) {
if (!(str[0] >> 7 & 1)) {
return 1;
return MPMIN(strlen(str), 1);
} else if (!(str[0] >> 5 & 1)) {
return 2;
return MPMIN(strlen(str), 2);
} else if (!(str[0] >> 4 & 1)) {
return 3;
return MPMIN(strlen(str), 3);
} else if (!(str[0] >> 3 & 1)) {
return 4;
return MPMIN(strlen(str), 4);
}
}
return 0;