[FFmpeg-cvslog] avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()
Michael Niedermayer
git at videolan.org
Fri May 10 22:03:34 EEST 2019
ffmpeg | branch: release/3.2 | Michael Niedermayer <michael at niedermayer.cc> | Tue Apr 16 00:09:38 2019 +0200| [3905acef67e04578691d0bf15fa7111496c803d7] | committer: Michael Niedermayer
avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()
The function in case of n=0 would read more bytes than 0.
The end pointer could be beyond the allocated space, which
is undefined.
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6f0e9a863466bfcbd75ee15d4d8a6aad2a5126a4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3905acef67e04578691d0bf15fa7111496c803d7
---
libavutil/avstring.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavutil/avstring.c b/libavutil/avstring.c
index 1787a1ef54..ccd6446867 100644
--- a/libavutil/avstring.c
+++ b/libavutil/avstring.c
@@ -222,12 +222,13 @@ int av_strcasecmp(const char *a, const char *b)
int av_strncasecmp(const char *a, const char *b, size_t n)
{
- const char *end = a + n;
uint8_t c1, c2;
+ if (n <= 0)
+ return 0;
do {
c1 = av_tolower(*a++);
c2 = av_tolower(*b++);
- } while (a < end && c1 && c1 == c2);
+ } while (--n && c1 && c1 == c2);
return c1 - c2;
}
More information about the ffmpeg-cvslog
mailing list