[FFmpeg-devel] [PATCH 2/2] avformat/hls: Don't strdup non-null-terminated string
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Tue Mar 3 06:20:06 EET 2020
If an URI indicated that the data protocol was in use, it would be
copied into a temporary buffer via strncpy(dst, src, strlen(src)),
thereby ensuring that the trailing \0 would not be copied, despite dst
being uninitialized. dst would then be av_strdup'ed, leading to
potential segfaults.
The solution to this is simple: Don't copy the URI in the temporary
buffer at all, instead av_strdup it directly.
This fixes a -Wstringop-truncation warning emitted by GCC 9.2.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
This is honestly untested, as this is not covered by FATE.
libavformat/hls.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 1f58e745a7..fc45719d1c 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -403,8 +403,7 @@ static struct segment *new_init_section(struct playlist *pls,
const char *url_base)
{
struct segment *sec;
- char *ptr;
- char tmp_str[MAX_URL_SIZE];
+ char tmp_str[MAX_URL_SIZE], *ptr = tmp_str;
if (!info->uri[0])
return NULL;
@@ -414,11 +413,11 @@ static struct segment *new_init_section(struct playlist *pls,
return NULL;
if (!av_strncasecmp(info->uri, "data:", 5)) {
- strncpy(tmp_str, info->uri, strlen(info->uri));
+ ptr = info->uri;
} else {
ff_make_absolute_url(tmp_str, sizeof(tmp_str), url_base, info->uri);
}
- sec->url = av_strdup(tmp_str);
+ sec->url = av_strdup(ptr);
if (!sec->url) {
av_free(sec);
return NULL;
--
2.20.1
More information about the ffmpeg-devel
mailing list