[FFmpeg-devel] [PATCH 2/2] avformat/hls: Don't strdup non-null-terminated string

Steven Liu lq at chinaffmpeg.org
Sun Mar 22 02:57:17 EET 2020 


> 2020年3月22日 上午7:28,Andreas Rheinhardt <andreas.rheinhardt at gmail.com> 写道:
> 
> Andreas Rheinhardt:
>> If an URI indicated that the data protocol was in use, it would be
>> copied into a temporary buffer via strncpy(dst, src, strlen(src)),
>> thereby ensuring that the trailing \0 would not be copied, despite dst
>> being uninitialized. dst would then be av_strdup'ed, leading to
>> potential segfaults.
>> 
>> The solution to this is simple: Don't copy the URI in the temporary
>> buffer at all, instead av_strdup it directly.
>> 
>> This fixes a -Wstringop-truncation warning emitted by GCC 9.2.
>> 
>> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
>> ---
>> This is honestly untested, as this is not covered by FATE.
>> 
>> libavformat/hls.c | 7 +++----
>> 1 file changed, 3 insertions(+), 4 deletions(-)
>> 
>> diff --git a/libavformat/hls.c b/libavformat/hls.c
>> index 1f58e745a7..fc45719d1c 100644
>> --- a/libavformat/hls.c
>> +++ b/libavformat/hls.c
>> @@ -403,8 +403,7 @@ static struct segment *new_init_section(struct playlist *pls,
>>                                         const char *url_base)
>> {
>>     struct segment *sec;
>> -    char *ptr;
>> -    char tmp_str[MAX_URL_SIZE];
>> +    char tmp_str[MAX_URL_SIZE], *ptr = tmp_str;
>> 
>>     if (!info->uri[0])
>>         return NULL;
>> @@ -414,11 +413,11 @@ static struct segment *new_init_section(struct playlist *pls,
>>         return NULL;
>> 
>>     if (!av_strncasecmp(info->uri, "data:", 5)) {
>> -        strncpy(tmp_str, info->uri, strlen(info->uri));
>> +        ptr = info->uri;
>>     } else {
>>         ff_make_absolute_url(tmp_str, sizeof(tmp_str), url_base, info->uri);
>>     }
>> -    sec->url = av_strdup(tmp_str);
>> +    sec->url = av_strdup(ptr);
>>     if (!sec->url) {
>>         av_free(sec);
>>         return NULL;
>> 
> Ping.
Looks ok.
> 
> - Andreas
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

Thanks

Steven Liu

More information about the ffmpeg-devel mailing list