[FFmpeg-devel] [PATCH 2/7] avutil/bprint: Allow size == 0 in av_bprint_init_for_buffer()

[James Almer]

On 8/9/2023 7:08 AM, Nicolas George wrote:
> Andreas Rheinhardt (12023-08-06):
>> The AVBPrint API guarantees that the string buffer is always
>> zero-terminated; in order to honour this guarantee, there
>> obviously must be a string buffer at all and it must have
>> a size >= 1. Therefore av_bprint_init_for_buffer() treats
>> passing a NULL buffer or size == 0 as invalid data that
>> leads to undefined behaviour, namely NPD in case NULL is provided
>> or a write to a buffer of size 0 in case size == 0.
>>
>> But it would be easy to support this, namely by using the internal
>> buffer with AV_BPRINT_SIZE_COUNT_ONLY in case size == 0.
>>
>> There is a reason to allow this: Several functions like
>> av_channel_(description|name) are actually wrappers
>> around corresponding AVBPrint functions. They accept user
>> provided buffers and are supposed to return the required
>> size of the buffer, which would allow the user to call
>> it once to get the required buffer size and call it once
>> more after having allocated the buffer.
>> If av_bprint_init_for_buffer() treats size == 0 as invalid,
>> all these users would need to check for this themselves
>> and basically add the same codeblock that this patch
>> adds to av_bprint_init_for_buffer().
>>
>> This change is in line with e.g. snprintf() which also allows
>> the pointer to be NULL in case size is zero.
>>
>> This fixes Coverity issues #1503074, #1503076 and #1503082;
>> all of these issues are about providing NULL to the channel-layout
>> functions that are wrappers around AVBPrint versions.
>>
>> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
>> ---
>> Missing lavu minor version bump.
> 
> Looks good to me.
> 
> The other patches in the series too, but I do not maintain the channel
> layouts.
> 
> Regards,

The layout patches are ok too.