[FFmpeg-devel] av_strlcpy() size parameter signedness
Rich Felker
dalias
Sat Sep 29 03:27:02 CEST 2007
On Sat, Sep 29, 2007 at 01:37:48AM +0200, Michael Niedermayer wrote:
> Hi
>
> currently the buffer size parameter for av_strlcpy() (and friends)
> is unsigned; this makes sense and is logical, but it has a flaw:
> if a negative value is mistakenly used, something very bad happens
>
> how can a negative value be assigned?
>
> av_strlcpy(... FFMIN(buf_size, something))
> with something being <0 and buf_size signed
This sounds like a bogus construct. We should find out why values that
can be negative are being used in sizes like this. A hack to make the
problem go away is not appropriate; it's just covering up the
underlying bug.
> i propose that we add a check to the functions so that they treat
> sizes > INT_MAX like 0 (or an equivalent simpler solution)
>
> comments welcome...
IMO it's bad to have a function called strlcpy (even with av_ prefix)
whose semantics are different from the standard BSD function.
Rich
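The two positions in this thread, written up as an added C example that is not code from FFmpeg or from either poster. `demo_strlcpy()` is an assumed reimplementation of the BSD strlcpy semantics (copy at most size-1 bytes, always NUL-terminate, return strlen(src)); `negative_to_size_t()` and `size_is_wrapped()` show how `FFMIN(buf_size, something)` with a negative `something` turns into a huge `size_t`; `clamped_strlcpy()` is Michael's proposed in-function check (sizes above INT_MAX treated as 0), and `safe_call()` is Rich's alternative of validating the signed value in the caller before it reaches the unsigned parameter. All function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the FFMIN macro mentioned in the thread. */
#define FFMIN(a, b) ((a) > (b) ? (b) : (a))

/* Assumed BSD-style strlcpy: copies up to size-1 bytes, NUL-terminates
 * when size > 0, and returns the length of src. Not FFmpeg's av_strlcpy. */
size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* The hazard itself: a negative int converted to size_t wraps to a huge
 * value (-1 becomes SIZE_MAX), so a bounds-checked copy becomes unbounded. */
size_t negative_to_size_t(int n)
{
    return (size_t)n;
}

/* Returns 1 when FFMIN(buf_size, something) would hand a wrapped size to
 * the unsigned parameter, i.e. when the signed minimum is negative. */
int size_is_wrapped(int buf_size, int something)
{
    int n = FFMIN(buf_size, something);
    return n < 0;
}

/* Michael's proposal, applied inside the function: any size above
 * INT_MAX is almost certainly a converted negative, so treat it as 0
 * (nothing is written, but the caller's bug is silently absorbed). */
size_t clamped_strlcpy(char *dst, const char *src, size_t size)
{
    if (size > INT_MAX)
        size = 0;
    return demo_strlcpy(dst, src, size);
}

/* Rich's position: keep strlcpy semantics standard and fix the caller.
 * The signed value is validated before it is ever converted to size_t;
 * a negative result is reported as a bug instead of being copied with. */
int safe_call(char *dst, const char *src, int buf_size, int something)
{
    int n = FFMIN(buf_size, something);
    if (n < 0)
        return -1; /* caller-side bug: refuse rather than wrap */
    demo_strlcpy(dst, src, (size_t)n);
    return 0;
}

int main(void)
{
    char buf[16] = "xyz";
    printf("(size_t)-1 == SIZE_MAX: %d\n", negative_to_size_t(-1) == SIZE_MAX);
    printf("FFMIN(16, -1) wraps: %d\n", size_is_wrapped(16, -1));
    printf("clamped copy wrote nothing: buf=\"%s\"\n",
           (clamped_strlcpy(buf, "hello", (size_t)-1), buf));
    printf("safe_call rejects negative: %d\n", safe_call(buf, "hello", 16, -1));
    return 0;
}
```

Both helpers stop the out-of-bounds write, but only `safe_call()` surfaces the negative size as an error the caller can see, which is the point Rich makes about not papering over the underlying bug.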