# HG changeset patch
# User reimar
# Date 1351714309 0
# Node ID 349f03d4c03397e99837aa6a21fcae97441293df
# Parent  f46a80e9fe77e26840405d30b79dffcb75a461ce
Fix potential out-of-bounds write due to breaking
out only of the inner loop when reaching the limit.

diff -r f46a80e9fe77 -r 349f03d4c033 sub/sub.c
--- a/sub/sub.c	Wed Oct 31 20:05:31 2012 +0000
+++ b/sub/sub.c	Wed Oct 31 20:11:49 2012 +0000
@@ -942,6 +942,8 @@
 		    obj->params.subtitle.utbl[utblc++] = c;
 		    k++;
 		}
+		if (utblc > MAX_UCS)
+		    break;
 		obj->params.subtitle.utbl[utblc++] = ' ';
 	    }
 	    obj->params.subtitle.utbl[utblc - 1] = 0;