[FFmpeg-devel] [PATCH] avformat/hlsenc: Fix path handling on Windows

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Sat Jan 15 20:33:38 EET 2022 

Soft Works:
> 
> 
>> -----Original Message-----
>> From: ffmpeg-devel <ffmpeg-devel-bounces at ffmpeg.org> On Behalf Of Andreas
>> Rheinhardt
>> Sent: Saturday, January 15, 2022 7:40 AM
>> To: ffmpeg-devel at ffmpeg.org
>> Subject: Re: [FFmpeg-devel] [PATCH] avformat/hlsenc: Fix path handling on
>> Windows
>>
>> ffmpegagent:
>>> From: softworkz <softworkz at hotmail.com>
>>>
>>> Signed-off-by: softworkz <softworkz at hotmail.com>
>>> ---
>>>     avformat/hlsenc: Fix path handling on Windows
>>>
>>>     Handling for DOS path separators was missing
>>>
>>> Published-As: https://github.com/ffstaging/FFmpeg/releases/tag/pr-
>> ffstaging-19%2Fsoftworkz%2Fsubmit_hlspath-v1
>>> Fetch-It-Via: git fetch https://github.com/ffstaging/FFmpeg pr-ffstaging-
>> 19/softworkz/submit_hlspath-v1
>>> Pull-Request: https://github.com/ffstaging/FFmpeg/pull/19
>>>
>>>  libavformat/hlsenc.c | 4 ++++
>>>  1 file changed, 4 insertions(+)
>>>
>>> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
>>> index ef8973cea1..eff7f4212e 100644
>>> --- a/libavformat/hlsenc.c
>>> +++ b/libavformat/hlsenc.c
>>> @@ -3028,6 +3028,10 @@ static int hls_init(AVFormatContext *s)
>>>                  }
>>>
>>>                  p = strrchr(vs->m3u8_name, '/');
>>> +#if HAVE_DOS_PATHS
>>> +                p = FFMAX(p, strrchr(vs->m3u8_name, '\\'));
>>> +#endif
>>> +
>>>                  if (p) {
>>>                      char tmp = *(++p);
>>>                      *p = '\0';
>>>
>>> base-commit: c936c319bd54f097cc1d75b1ee1c407d53215d71
>>>
>>
> 
> Thanks for reviewing.
> 
>> 1. You seem to be under the impression that NULL <= all other pointers.
>> This is wrong. Relational operators acting on pointers are only defined
>> when both point to the same object (the case of "one past the last
>> element of an array" is also allowed) and are undefined behaviour otherwise.
> 
> The case about NULL is interesting - I wasn't aware of that.
> Is it practically relevant, i.e. is there any platform where casting 
> (void *)0 does not evaluate to 0 ?
> 

"An integer constant expression with the value 0, or such an expression
cast to type
 void *, is called a null pointer constant." (C11, 6.3.2.3 3) (void*)0
is therefore a valid null pointer constant and is also commonly used for
the NULL macro. (void*)0 == 0 is always true, because the right hand
side is converted to the type of the pointer (namely to a null pointer)
and all null pointers compare equal. But this is irrelevant to
relational comparisons, because checking for equality of pointers is not
subject to these pointers pointing to the same object (or one past the
last element of an array...), whereas this is so for relational operations.

(If one uses unsigned for pointers, then one only needs to reserve two
values that can not be used as part of an object: 0 and the max value
(the latter can't be used for an object, because using a pointer one
past the object is legal and has to be consistent with "<=" (and anyway
said pointer must compare unequal to NULL)); if one used signed
comparisons for pointers, one would have to reserve -1, 0 and the max
value, the former because a one past the end array element needs to
compare unequal to NULL and the latter to be consistent with <= and a
potential one-past-the-end element. But this is a very small advantage.
Honestly, I don't know whether compilers consistently use unsigned
comparisons for pointer comparisons at all (even when restricted to
compilers for systems with HAVE_DOS_PATHS). The fact that comparisons of
pointers to different objects is UB means that compiler writers actually
can choose what they want.)

(Furthermore, it is not guaranteed by the spec that zeroing a pointer
via memset (or calloc) generates a valid null pointer. E.g. the
documentation of calloc has this footnote: "Note that this [the bitwise
zero-initialization] need not be the same as the representation of
floating-point zero or a null pointer constant." But I don't know a
system where this is not so and we definitely require it to be so.)

>> 2. Apart from that: Your code would potentially evaluate strrchr()
>> multiple times which is bad style (given that this function is likely
>> marked as pure the compiler could probably optimize the second call
>> away, but this is not a given).
> 
> It's not my code. It's code copied from avstring.c - so please blame
> whoever that wrote.
> 

I couldn't find strrchr() being evaluated multiple times unnecessarily
due to a macro in avstring.c.

> Regarding performance, I'm not sure whether this is relevant in any way,
> given the low frequency of execution and putting it into relation to 
> all the other things that ffmpeg is doing usually.
> 

The above would be a valid point if there were a tradeoff between
writing the code without repeated evaluations and writing clear code.
(And even then you'd be ignoring that the performance difference might
be negligible for code only run very infrequently, but bloated code
takes more space in the binary even when executed infrequently.) But
there is no such tradeoff here.

>> 3. The code in av_basename() is also wrong.
> 
> ...
> 
>> 4. Is there actually a reason why you don't use av_basename() directly here?
> 
> Yes, multiple:
> 
> 1. Different behavior - those functions are returning a "." when not found

av_basename() also has precise guarantees when this happens.

> 2. The docs tell it's required to copy a string before supplying it to
>    those functions (as they may changing the string).

You are confusing av_basename() and av_dirname().

> 3. The hlsenc code changes the string temporarily and restores it after
>    wards. The same couldn't be done when using the avstring functions.
> 

Why? In case you already know that the result is not a pointer to the
static ".", you either get your path back (equivalent to no match) or a
pointer to the char that you want to temporarily zero. (Granted, it is
dubious whether using it is actually advantageous.)

(Actually, your code is still slightly different from av_basename(): The
latter has special handling for the drive separator ':' and I wanted to
know why you don't. Given that this m3u8 path should always have a
non-empty basename component, so there should not be a scenario where
':' is the FFMAX3.)

- Andreas

More information about the ffmpeg-devel mailing list