[FFmpeg-devel] possible NULL access in av_strlcpy.c
Michael Niedermayer
michaelni at gmx.at
Tue Sep 24 14:32:07 CEST 2013
On Tue, Sep 24, 2013 at 07:23:04PM +0800, Zhang Rui wrote:
> Consider this url "rtsp://l.m.cztv.com:554/hdmi/hntv1hd.stream"
>
> // in ff_rtsp_connect()
> ...
> av_url_split(NULL, 0, auth, sizeof(auth), host, sizeof(host), &port,
>              path, sizeof(path), s->filename);
> ...
>
> // in av_url_split()
> ...
> av_strlcpy(proto, url, cp); //< proto is NULL here
> ...
>
> // in av_strlcpy()
> ...
> size_t av_strlcpy(char *dst, const char *src, size_t size)
> {
>     size_t len = 0;
>     while (++len < size && *src)
>         *dst++ = *src++;
>
>     if (len <= size) {
>         //< crash here, even if dst=NULL, len=1, size=0
>         *dst = 0;

Am I missing something, or is this simply a compiler bug?
And if it's a compiler bug, why do you post that to ffmpeg-devel?
We don't use -fmodulo-sched -fmodulo-sched-allow-regmoves.

>     }
>
>     return len + strlen(src) - 1;
> }
> ...
>
> My configuration script:
> https://github.com/bbcallen/ijkplayer/blob/da0de173bcc66592aef576bfcf47a771ca19dc3f/android/compile-ffmpeg.sh
> OS X: 10.8.5
> xcode: 4.6.5
> NDKr9 with gcc 4.8
>
> After removing "-fmodulo-sched -fmodulo-sched-allow-regmoves" from
> "--extra-cflags", the crash didn't happen again.
>
> "if(dst && len <= size)" can also fix this issue with "-fmodulo-sched" enabled.
>
> BTW: This issue doesn't happen with Apple llvm 4.2 with same config enabled.
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Concerning the gods, I have no means of knowing whether they exist or not
or of what sort they may be, because of the obscurity of the subject, and
the brevity of human life -- Protagoras
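
An added example, not part of the original thread or of FFmpeg's own tests: a self-check that copies the function body quoted above and exercises the `size == 0` path, where the C semantics never store through `dst`, alongside a truncating copy. The name `strlcpy_quoted`, the check functions and the sample URL are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Local copy of the av_strlcpy() body quoted in the message, renamed so it
 * is clearly test code and not the FFmpeg symbol. */
static size_t strlcpy_quoted(char *dst, const char *src, size_t size)
{
    size_t len = 0;
    while (++len < size && *src)
        *dst++ = *src++;
    if (len <= size)
        *dst = 0;
    return len + strlen(src) - 1;
}

/* The reported call pattern: dst == NULL, size == 0. After ++len, len is 1,
 * so both "len < size" and "len <= size" are false and dst is never used. */
int check_null_dst_zero_size(void)
{
    const char *url = "rtsp://example.invalid:554/stream"; /* constructed */
    return strlcpy_quoted(NULL, url, 0) == strlen(url);
}

/* size == 0 with a real buffer: every canary byte must survive. */
int check_zero_size_leaves_dst_untouched(void)
{
    char buf[8];
    memset(buf, 0x5A, sizeof(buf));
    size_t r = strlcpy_quoted(buf, "rtsp", 0);
    for (size_t i = 0; i < sizeof(buf); i++)
        if (buf[i] != 0x5A)
            return 0;
    return r == 4;
}

/* Truncation: size - 1 bytes copied, NUL written, next byte left alone,
 * and the return value is the full source length. */
int check_truncation(void)
{
    char buf[8];
    memset(buf, 0x5A, sizeof(buf));
    size_t r = strlcpy_quoted(buf, "rtsp://host", 5);
    return r == 11 && memcmp(buf, "rtsp", 5) == 0 && buf[5] == 0x5A;
}

int main(void)
{
    return (check_null_dst_zero_size() && check_zero_size_leaves_dst_untouched()
            && check_truncation()) ? 0 : 1;
}
```

Building this with the project's exact compiler and `--extra-cflags` shows whether the `size == 0` path still behaves as the source specifies under those flags.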