[FFmpeg-devel] [PATCHv2] ffserver: fix incorrect strlcpy usage
Michael Niedermayer
michael at niedermayer.cc
Tue Nov 10 00:50:23 CET 2015
On Sat, Nov 07, 2015 at 07:21:59AM -0500, Ganesh Ajjanagadde wrote:
> Somewhat ironic that this "safe" interface is actually being used
> unsafely here. This fixes the usage preventing potential null pointer
> dereference, where the old code was doubly broken: ctime can return
> NULL, and ctime can return an arbitrarily long buffer.
>
> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde at gmail.com>
> ---
> ffserver.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/ffserver.c b/ffserver.c
> index 526cbfc..c1746dc 100644
> --- a/ffserver.c
> +++ b/ffserver.c
> @@ -305,15 +305,19 @@ static void ffm_set_write_index(AVFormatContext *s, int64_t pos,
> ffm->file_size = file_size;
> }
>
> -static char *ctime1(char *buf2, int buf_size)
> +static char *ctime1(char *buf2, size_t buf_size)
> {
> time_t ti;
> char *p;
>
> ti = time(NULL);
> p = ctime(&ti);
> + if (!p || !strcmp(p, "")) {
can be simplified to !p || !*p
otherwise LGTM
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151110/dfba511d/attachment.sig>
More information about the ffmpeg-devel
mailing list