[FFmpeg-devel] [PATCH] tcp.c/udp.c memleak?

Ronald S. Bultje rsbultje
Sat Aug 23 22:26:41 CEST 2008


Hi,

On Sat, Aug 23, 2008 at 4:08 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Sat, Aug 23, 2008 at 03:05:49PM -0400, Ronald S. Bultje wrote:
>> On Sat, Aug 23, 2008 at 1:43 PM, Ronald S. Bultje <rsbultje at gmail.com> wrote:
>> > time for more stuff. This patch removes the check for "@" in hostname
>> > for tcp.c, because url_split() already does that.
>>
>> you forgot this one. :-). I've tested that even if auth is NULL, the @
>> part is stripped correctly, so this code is never reached. Do I need
>> to do additional testing?
>
> no, but if you replace the line by an equivalent assert() iam ok with
> it

That'd be exploitable if you give a URI with multiple @s? Change
url_split() and add a return value?

(Maybe I should just leave it as-is. :-).)

Ronald




More information about the ffmpeg-devel mailing list