[FFmpeg-devel] [PATCH] avformat/pjsdec: check strcspn values before using them
Clément Bœsch
u at pkh.me
Sat Jan 11 12:14:52 CET 2014
On Sat, Jan 11, 2014 at 02:44:04AM +0100, Michael Niedermayer wrote:
[...]
> > > pts_start = read_ts(&p, &duration);
> > > if (pts_start != AV_NOPTS_VALUE) {
> > > AVPacket *sub;
> > >
> > > - p[strcspn(p, "\"")] = 0;
> > > + idx = strcspn(p, "\"");
> > > + if (!p[idx]) {
> > > + av_log(s, AV_LOG_ERROR, "missing \"\n");
> > > + return AVERROR_INVALIDDATA;
> > > + }
> > > +
> > > + p[idx] = 0;
> > > sub = ff_subtitles_queue_insert(&pjs->q, p, strlen(p), 0);
> > > if (!sub)
> > > return AVERROR(ENOMEM);
> >
> > The use of strcspn() as such is fine (and we use it everywhere). I'd suggest
>
> it is but i think the code would benefit from some checks and
> warnings or errors over just keeping the pointer within the array
> and producing "some" output for any arbitrary random input.
>
I'm not really against, but if you plan to do that change, please do it in
all the other demuxers, it's a recurring pattern which is meant to be
reproduced over and over again if not fixed everywhere.
>
> > instead:
> >
> > diff --git a/libavformat/pjsdec.c b/libavformat/pjsdec.c
> > index a69a316..6f5db37 100644
> > --- a/libavformat/pjsdec.c
> > +++ b/libavformat/pjsdec.c
> > @@ -53,7 +53,8 @@ static int64_t read_ts(char **line, int *duration)
> > int64_t start, end;
> >
> > if (sscanf(*line, "%"SCNd64",%"SCNd64, &start, &end) == 2) {
> > - *line += strcspn(*line, "\"") + 1;
> > + *line += strcspn(*line, "\"");
> > + *line += !!**line;
> > *duration = end - start;
> > return start;
> > }
> >
> > Which should be enough to enough to fix the problem.
>
> applied
>
> thanks
>
Thanks for taking the burden to do the commit :)
--
Clément B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140111/c8119b15/attachment.asc>
More information about the ffmpeg-devel
mailing list