[FFmpeg-devel] [PATCH 2/2] avformat/webm_chunk: Check header filename length

Michael Niedermayer michael at niedermayer.cc
Thu May 2 21:49:36 EEST 2019


Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavformat/webm_chunk.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavformat/webm_chunk.c b/libavformat/webm_chunk.c
index 561ec152e7..e2fbd8be1d 100644
--- a/libavformat/webm_chunk.c
+++ b/libavformat/webm_chunk.c
@@ -88,6 +88,8 @@ static int get_chunk_filename(AVFormatContext *s, int is_header, char filename[M
 {
     WebMChunkContext *wc = s->priv_data;
     AVFormatContext *oc = wc->avf;
+    int len;
+
     if (!filename) {
         return AVERROR(EINVAL);
     }
@@ -96,7 +98,11 @@ static int get_chunk_filename(AVFormatContext *s, int is_header, char filename[M
             av_log(oc, AV_LOG_ERROR, "No header filename provided\n");
             return AVERROR(EINVAL);
         }
-        av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE);
+        len = av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE);
+        if (len >= MAX_FILENAME_SIZE) {
+            av_log(oc, AV_LOG_ERROR, "header filename too long\n");
+            return AVERROR(EINVAL);
+        }
     } else {
         if (av_get_frame_filename(filename, MAX_FILENAME_SIZE,
                                   s->url, wc->chunk_index - 1) < 0) {
-- 
2.21.0



More information about the ffmpeg-devel mailing list