[FFmpeg-devel] [PATCH] tcp.c/udp.c memleak?
Sat Aug 23 23:19:18 CEST 2008
On Sat, Aug 23, 2008 at 04:26:41PM -0400, Ronald S. Bultje wrote:
> On Sat, Aug 23, 2008 at 4:08 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> > On Sat, Aug 23, 2008 at 03:05:49PM -0400, Ronald S. Bultje wrote:
> >> On Sat, Aug 23, 2008 at 1:43 PM, Ronald S. Bultje <rsbultje at gmail.com> wrote:
> >> > time for more stuff. This patch removes the check for "@" in hostname
> >> > for tcp.c, because url_split() already does that.
> >> you forgot this one. :-). I've tested that even if auth is NULL, the @
> >> part is stripped correctly, so this code is never reached. Do I need
> >> to do additional testing?
> > no, but if you replace the line by an equivalent assert() iam ok with
> > it
> That'd be exploitable if you give a URI with multiple @s?
I suspect there are easier ways to make ffmpeg abort or exit.
out of memory condition should be very easy to create at many
> url_split() and add a return value?
Iam not sure what you suggest and iam even less sure what the whole
change really is doing.
Its clear the line of code doesnt do nothing as the assert could trigger.
So why was this line addded, was it never needed?
has its need disapeared at some point?
Was it always nonsense?
If it was always nonsense then all code of the patch author should be
carefully reviewed again ...
What looks strange is that this line was added in the same revission that
added url_split() there and that added the @ removing code in url_split()
> (Maybe I should just leave it as-is. :-).)
well that may also not be the best solution ...
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If you really think that XML is the answer, then you definitly missunderstood
the question -- Attila Kinali
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
More information about the ffmpeg-devel