[FFmpeg-cvslog] avformat/hls: Don't strdup non-null-terminated string

Andreas Rheinhardt git at videolan.org
Tue Mar 24 22:28:46 EET 2020


ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Tue Mar  3 03:41:13 2020 +0100| [9dfc409e6b18d2984bdd5f041413173549e0fdd5] | committer: Andreas Rheinhardt

avformat/hls: Don't strdup non-null-terminated string

If an URI indicated that the data protocol was in use, it would be
copied into a temporary buffer via strncpy(dst, src, strlen(src)),
thereby ensuring that the trailing \0 would not be copied, despite dst
being uninitialized. dst would then be av_strdup'ed, leading to
potential segfaults.

The solution to this is simple: Don't copy the URI in the temporary
buffer at all, instead av_strdup it directly.

This fixes a -Wstringop-truncation warning emitted by GCC 9.2.

Reviewed-by: Steven Liu <lq at chinaffmpeg.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9dfc409e6b18d2984bdd5f041413173549e0fdd5
---

 libavformat/hls.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index 1f58e745a7..fc45719d1c 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -403,8 +403,7 @@ static struct segment *new_init_section(struct playlist *pls,
                                         const char *url_base)
 {
     struct segment *sec;
-    char *ptr;
-    char tmp_str[MAX_URL_SIZE];
+    char tmp_str[MAX_URL_SIZE], *ptr = tmp_str;
 
     if (!info->uri[0])
         return NULL;
@@ -414,11 +413,11 @@ static struct segment *new_init_section(struct playlist *pls,
         return NULL;
 
     if (!av_strncasecmp(info->uri, "data:", 5)) {
-        strncpy(tmp_str, info->uri, strlen(info->uri));
+        ptr = info->uri;
     } else {
         ff_make_absolute_url(tmp_str, sizeof(tmp_str), url_base, info->uri);
     }
-    sec->url = av_strdup(tmp_str);
+    sec->url = av_strdup(ptr);
     if (!sec->url) {
         av_free(sec);
         return NULL;



More information about the ffmpeg-cvslog mailing list