[FFmpeg-cvslog] avfilter/formats: Make check for buffer overflow redundant

Thu Aug 20 03:15:46 EEST 2020

ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Thu Aug 13 18:31:04 2020 +0200| [55eb24a92fdb44da65364da61917f085286a48d2] | committer: Andreas Rheinhardt

avfilter/formats: Make check for buffer overflow redundant

and remove the redundant check.

This check for whether the allocated buffer is sufficient has been added
in commit 1cbf7fb4345a3e5b7791d483241bf4759bde4ece (merging commit
5775a1832c4165e6acc1d307004b38701bb463f4). It is not sufficient to
detect invalid input lists (namely lists with duplicates); its only use
is to avoid buffer overflows. And this can be achieved by simpler means:
Make sure that one allocates space for so many elements as the outer loop
ranges over and break out of the inner loop if a match has been found.
For valid input without duplicates, no further match will be found anyway.

This change will temporarily make the allocated formats array larger
than before and larger than necessary; this will be fixed in a later
commit that avoids the allocation altogether.

If a check for duplicates in the lists is deemed necessary, it should be
done properly somewhere else.

Finally, the error message that is removed in this commit used
__FUNCTION__, which is a GCC extension (C99 added __func__ for this).
So this commit removes a warning when compiling in -pedantic mode.

Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55eb24a92fdb44da65364da61917f085286a48d2
---

 libavfilter/formats.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/libavfilter/formats.c b/libavfilter/formats.c
index 86a38dbe3b..c5a64c14c6 100644
--- a/libavfilter/formats.c
+++ b/libavfilter/formats.c
@@ -65,7 +65,7 @@ do {                                                                       \
  */
 #define MERGE_FORMATS(ret, a, b, fmts, nb, type, fail)                          \
 do {                                                                            \
-    int i, j, k = 0, count = FFMIN(a->nb, b->nb);                               \
+    int i, j, k = 0, count = a->nb;                                             \
     type ***tmp;                                                                \
                                                                                 \
     if (!(ret = av_mallocz(sizeof(*ret))))                                      \
@@ -77,13 +77,8 @@ do {
         for (i = 0; i < a->nb; i++)                                             \
             for (j = 0; j < b->nb; j++)                                         \
                 if (a->fmts[i] == b->fmts[j]) {                                 \
-                    if(k >= FFMIN(a->nb, b->nb)){                               \
-                        av_log(NULL, AV_LOG_ERROR, "Duplicate formats in %s detected\n", __FUNCTION__); \
-                        av_free(ret->fmts);                                     \
-                        av_free(ret);                                           \
-                        return NULL;                                            \
-                    }                                                           \
                     ret->fmts[k++] = a->fmts[i];                                \
+                    break;                                                      \
                 }                                                               \
     }                                                                           \
     ret->nb = k;                                                                \

