Message ID | 20200908211856.16290-1-andreas.rheinhardt@gmail.com |
---|---|
State | Accepted |
Commit | e2d4a5807fa5914185dc6f3ae0a4d63cd8fe3b29 |
Headers | show |
Series | [FFmpeg-devel,01/25] avfilter/af_headphone: Don't use uninitialized buffer in log message | expand |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |
On Tue, Sep 08, 2020 at 11:18:32PM +0200, Andreas Rheinhardt wrote: > This buffer was supposed to be initialized by sscanf(input, "%7[A-Z]%n", > buf, &len), yet if the first input character is not in the A-Z range, > buf is not touched (in particular it needn't be zero-terminated if the > failure happened when parsing the first channel and it still contains > the last channel name if the failure happened when one channel name > could be successfully parsed). This is treated as error in which case > buf is used directly in the log message. This commit fixes this by > actually using the string that could not be matched in the log message > instead. > ok
diff --git a/libavfilter/af_headphone.c b/libavfilter/af_headphone.c index 58d82ac41d..e590d02eff 100644 --- a/libavfilter/af_headphone.c +++ b/libavfilter/af_headphone.c @@ -135,7 +135,7 @@ static void parse_map(AVFilterContext *ctx) p = NULL; if (parse_channel_name(s, s->nb_irs, &arg, &out_ch_id, buf)) { - av_log(ctx, AV_LOG_WARNING, "Failed to parse \'%s\' as channel name.\n", buf); + av_log(ctx, AV_LOG_WARNING, "Failed to parse \'%s\' as channel name.\n", arg); continue; } s->mapping[s->nb_irs] = out_ch_id;
This buffer was supposed to be initialized by sscanf(input, "%7[A-Z]%n", buf, &len), yet if the first input character is not in the A-Z range, buf is not touched (in particular it needn't be zero-terminated if the failure happened when parsing the first channel and it still contains the last channel name if the failure happened when one channel name could be successfully parsed). This is treated as error in which case buf is used directly in the log message. This commit fixes this by actually using the string that could not be matched in the log message instead. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavfilter/af_headphone.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)