Commit e018cc44 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

mp4: fix off-by-one reading with nul-terminated string

parent 69b0b5a8
...@@ -105,16 +105,14 @@ static char *mp4_getstringz( uint8_t **restrict in, uint64_t *restrict size ) ...@@ -105,16 +105,14 @@ static char *mp4_getstringz( uint8_t **restrict in, uint64_t *restrict size )
assert( *size <= SSIZE_MAX ); assert( *size <= SSIZE_MAX );
size_t len = strnlen( (const char *)*in, *size ); size_t len = strnlen( (const char *)*in, *size );
if( len == 0 ) if( len == 0 || len >= *size )
return NULL; return NULL;
char *ret = malloc( len + 1 ); len++;
char *ret = malloc( len );
if( likely(ret != NULL) ) if( likely(ret != NULL) )
{
memcpy( ret, *in, len ); memcpy( ret, *in, len );
ret[len] = '\0';
}
len++;
*in += len; *in += len;
*size -= len; *size -= len;
return ret; return ret;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment