From 5f92a192315fc9349e7c9bdc923666f79d5c5e8d Mon Sep 17 00:00:00 2001
From: Marton Balint <cus@passwd.hu>
Date: Wed, 29 Mar 2023 00:01:17 +0200
Subject: [PATCH] avformat/assenc: avoid incorrect copy of null terminator

When writing a subtitle SSA/ASS subtitle file, the AVCodecParameters::extradata
buffer is written directly to the output.  In the case where the buffer is
filled from a matroska source file produced by some older versions of
Handbrake, this buffer ends with a null terminating character, which is then
erroneously copied into the middle of the output file. The change here avoids
this problem by treating it as a string rather than a raw buffer. This way it
is agnostic as to whether the source buffer was null terminated or not.

Fixes ticket #10203.

Reported-by: Tim Angus <tim at ngus.net>
Signed-off-by: Marton Balint <cus@passwd.hu>
---
 libavformat/assenc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/assenc.c b/libavformat/assenc.c
index 85a1e53371..6ecfb04517 100644
--- a/libavformat/assenc.c
+++ b/libavformat/assenc.c
@@ -70,8 +70,9 @@ static int write_header(AVFormatContext *s)
                 ass->trailer = trailer;
         }
 
+        header_size = av_strnlen(par->extradata, header_size);
         avio_write(s->pb, par->extradata, header_size);
-        if (par->extradata[header_size - 1] != '\n')
+        if (header_size && par->extradata[header_size - 1] != '\n')
             avio_write(s->pb, "\r\n", 2);
         ass->ssa_mode = !strstr(par->extradata, "\n[V4+ Styles]");
         if (!strstr(par->extradata, "\n[Events]"))