Subtitle: fix off-by-one error during allocation before call to sscanf

Fix a crash when parsing subtitles. From the man page of sscanf: "the next pointer must be a pointer to character array that is long enough to hold the input sequence and the terminating null byte" Signed-off-by: Ilkka Ollakka <ileoo@videolan.org>

Subtitle: fix off-by-one error during allocation before call to sscanf
Fix a crash when parsing subtitles. From the man page of sscanf: "the next pointer must be a pointer to character array that is long enough to hold the input sequence and the terminating null byte" Signed-off-by: Ilkka Ollakka <ileoo@videolan.org>
d839410a · Felix Abecassis · Ilkka Ollakka · 5c0a6cab · d839410a
Commit d839410a authored Feb 26, 2014 by Felix Abecassis Committed by Ilkka Ollakka Feb 26, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

modules/demux/subtitle.c modules/demux/subtitle.c +2 -2

No files found.
--- a/modules/demux/subtitle.c
+++ b/modules/demux/subtitle.c
@@ -1012,8 +1012,8 @@ static int subtitle_ParseSubRipTiming( subtitle_t *p_subtitle,
 {
    int i_result = VLC_EGENERIC;
    char *psz_start, *psz_stop;
-    psz_start = malloc( strlen(s) );
-    psz_stop = malloc( strlen(s) );
+    psz_start = malloc( strlen(s) + 1 );
+    psz_stop = malloc( strlen(s) + 1 );

    if( sscanf( s, "%s --> %s", psz_start, psz_stop) == 2 &&
        subtitle_ParseSubRipTimingValue( &p_subtitle->i_start, psz_start ) == VLC_SUCCESS &&