[FFmpeg-cvslog] avutil/channel_layout: Account for \0 in sizes

[Andreas Rheinhardt]

ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at outlook.com> | Sun Aug  6 09:52:30 2023 +0200| [c4f35ba8084f254afe1fb05202abfdcfff63b854] | committer: Andreas Rheinhardt

avutil/channel_layout: Account for \0 in sizes

av_channel_name(), av_channel_description() and
av_channel_layout_describe() are supposed to return the size
of the needed buffer to allow the user to check for truncation;
the documentation ("If the returned value is bigger than buf_size,
then the string was truncated.") confirms that size does not
mean strlen.

Yet the AVBPrint API, i.e. AVBPrint.len, does not account for
the terminating '\0'. Therefore the returned length is off by one.

Furthermore, also check for whether the returned value actually
fits in an int (which is the return value of these functions).

Reviewed-by: Nicolas George <george at nsup.org>
Reviewed-by: James Almer <jamrial at gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c4f35ba8084f254afe1fb05202abfdcfff63b854
---

 libavutil/channel_layout.c | 12 +++++++++---
 libavutil/version.h        |  2 +-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/libavutil/channel_layout.c b/libavutil/channel_layout.c
index e2f7512254..9b581ae6b3 100644
--- a/libavutil/channel_layout.c
+++ b/libavutil/channel_layout.c
@@ -108,7 +108,9 @@ int av_channel_name(char *buf, size_t buf_size, enum AVChannel channel_id)
     av_bprint_init_for_buffer(&bp, buf, buf_size);
     av_channel_name_bprint(&bp, channel_id);
 
-    return bp.len;
+    if (bp.len >= INT_MAX)
+        return AVERROR(ERANGE);
+    return bp.len + 1;
 }
 
 void av_channel_description_bprint(AVBPrint *bp, enum AVChannel channel_id)
@@ -135,7 +137,9 @@ int av_channel_description(char *buf, size_t buf_size, enum AVChannel channel_id
     av_bprint_init_for_buffer(&bp, buf, buf_size);
     av_channel_description_bprint(&bp, channel_id);
 
-    return bp.len;
+    if (bp.len >= INT_MAX)
+        return AVERROR(ERANGE);
+    return bp.len + 1;
 }
 
 enum AVChannel av_channel_from_string(const char *str)
@@ -789,7 +793,9 @@ int av_channel_layout_describe(const AVChannelLayout *channel_layout,
     if (ret < 0)
         return ret;
 
-    return bp.len;
+    if (bp.len >= INT_MAX)
+        return AVERROR(ERANGE);
+    return bp.len + 1;
 }
 
 enum AVChannel
diff --git a/libavutil/version.h b/libavutil/version.h
index b36310ee4c..5a4d4d3d73 100644
--- a/libavutil/version.h
+++ b/libavutil/version.h
@@ -80,7 +80,7 @@
 
 #define LIBAVUTIL_VERSION_MAJOR  58
 #define LIBAVUTIL_VERSION_MINOR  16
-#define LIBAVUTIL_VERSION_MICRO 100
+#define LIBAVUTIL_VERSION_MICRO 101
 
 #define LIBAVUTIL_VERSION_INT   AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \
                                                LIBAVUTIL_VERSION_MINOR, \