| Message ID | 20190419220316.47392-1-andreas.rheinhardt@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
Andreas Rheinhardt: > The last argument of av_strlcpy is supposed to contain the size of the > destination buffer, but it was filled with the size of the source > string, effectively negating its very purpose. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > As the author information in my previous patchset has been munged, I > resend this to make the committer's job easier. > libavformat/webm_chunk.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/webm_chunk.c b/libavformat/webm_chunk.c > index ec1ec4bf91..2c99753b5b 100644 > --- a/libavformat/webm_chunk.c > +++ b/libavformat/webm_chunk.c > @@ -96,7 +96,7 @@ static int get_chunk_filename(AVFormatContext *s, int is_header, char *filename) > av_log(oc, AV_LOG_ERROR, "No header filename provided\n"); > return AVERROR(EINVAL); > } > - av_strlcpy(filename, wc->header_filename, strlen(wc->header_filename) + 1); > + av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE); > } else { > if (av_get_frame_filename(filename, MAX_FILENAME_SIZE, > s->url, wc->chunk_index - 1) < 0) { > Ping for the whole patchset. - Andreas
On Sat, Apr 20, 2019 at 12:03:14AM +0200, Andreas Rheinhardt wrote: > The last argument of av_strlcpy is supposed to contain the size of the > destination buffer, but it was filled with the size of the source > string, effectively negating its very purpose. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > As the author information in my previous patchset has been munged, I > resend this to make the committer's job easier. > libavformat/webm_chunk.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/webm_chunk.c b/libavformat/webm_chunk.c > index ec1ec4bf91..2c99753b5b 100644 > --- a/libavformat/webm_chunk.c > +++ b/libavformat/webm_chunk.c > @@ -96,7 +96,7 @@ static int get_chunk_filename(AVFormatContext *s, int is_header, char *filename) > av_log(oc, AV_LOG_ERROR, "No header filename provided\n"); > return AVERROR(EINVAL); > } > - av_strlcpy(filename, wc->header_filename, strlen(wc->header_filename) + 1); > + av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE); > } else { > if (av_get_frame_filename(filename, MAX_FILENAME_SIZE, > s->url, wc->chunk_index - 1) < 0) { > -- > 2.21.0 will apply [...]
diff --git a/libavformat/webm_chunk.c b/libavformat/webm_chunk.c index ec1ec4bf91..2c99753b5b 100644 --- a/libavformat/webm_chunk.c +++ b/libavformat/webm_chunk.c @@ -96,7 +96,7 @@ static int get_chunk_filename(AVFormatContext *s, int is_header, char *filename) av_log(oc, AV_LOG_ERROR, "No header filename provided\n"); return AVERROR(EINVAL); } - av_strlcpy(filename, wc->header_filename, strlen(wc->header_filename) + 1); + av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE); } else { if (av_get_frame_filename(filename, MAX_FILENAME_SIZE, s->url, wc->chunk_index - 1) < 0) {
The last argument of av_strlcpy is supposed to contain the size of the destination buffer, but it was filled with the size of the source string, effectively negating its very purpose. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- As the author information in my previous patchset has been munged, I resend this to make the committer's job easier. libavformat/webm_chunk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)