Message ID | 20190416144834.20300-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 6f0e9a863466bfcbd75ee15d4d8a6aad2a5126a4 |
Headers | show |
On 4/16/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > The function in case of n=0 would read more bytes than 0. > The end pointer could be beyond the allocated space, which > is undefined. > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavutil/avstring.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/libavutil/avstring.c b/libavutil/avstring.c > index f03dd25141..4c068f5bc5 100644 > --- a/libavutil/avstring.c > +++ b/libavutil/avstring.c > @@ -222,12 +222,13 @@ int av_strcasecmp(const char *a, const char *b) > > int av_strncasecmp(const char *a, const char *b, size_t n) > { > - const char *end = a + n; > uint8_t c1, c2; > + if (n <= 0) > + return 0; > do { > c1 = av_tolower(*a++); > c2 = av_tolower(*b++); > - } while (a < end && c1 && c1 == c2); > + } while (--n && c1 && c1 == c2); > return c1 - c2; > } > > -- > 2.21.0 > LGTM > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Tue, Apr 16, 2019 at 06:31:28PM +0200, Paul B Mahol wrote: > On 4/16/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > > The function in case of n=0 would read more bytes than 0. > > The end pointer could be beyond the allocated space, which > > is undefined. > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavutil/avstring.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/libavutil/avstring.c b/libavutil/avstring.c > > index f03dd25141..4c068f5bc5 100644 > > --- a/libavutil/avstring.c > > +++ b/libavutil/avstring.c > > @@ -222,12 +222,13 @@ int av_strcasecmp(const char *a, const char *b) > > > > int av_strncasecmp(const char *a, const char *b, size_t n) > > { > > - const char *end = a + n; > > uint8_t c1, c2; > > + if (n <= 0) > > + return 0; > > do { > > c1 = av_tolower(*a++); > > c2 = av_tolower(*b++); > > - } while (a < end && c1 && c1 == c2); > > + } while (--n && c1 && c1 == c2); > > return c1 - c2; > > } > > > > -- > > 2.21.0 > > > > LGTM will apply [...]
diff --git a/libavutil/avstring.c b/libavutil/avstring.c index f03dd25141..4c068f5bc5 100644 --- a/libavutil/avstring.c +++ b/libavutil/avstring.c @@ -222,12 +222,13 @@ int av_strcasecmp(const char *a, const char *b) int av_strncasecmp(const char *a, const char *b, size_t n) { - const char *end = a + n; uint8_t c1, c2; + if (n <= 0) + return 0; do { c1 = av_tolower(*a++); c2 = av_tolower(*b++); - } while (a < end && c1 && c1 == c2); + } while (--n && c1 && c1 == c2); return c1 - c2; }
The function in case of n=0 would read more bytes than 0. The end pointer could be beyond the allocated space, which is undefined. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavutil/avstring.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)