[FFmpeg-devel,1/3] lavf/webm_chunk: Respect buffer size

Submitted by Andreas Rheinhardt on April 19, 2019, 10:03 p.m.

Details

Message ID 20190419220316.47392-1-andreas.rheinhardt@gmail.com
State New
Headers show

Commit Message

Andreas Rheinhardt April 19, 2019, 10:03 p.m.
The last argument of av_strlcpy is supposed to contain the size of the
destination buffer, but it was filled with the size of the source
string, effectively negating its very purpose.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
As the author information in my previous patchset has been munged, I
resend this to make the committer's job easier.
 libavformat/webm_chunk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Andreas Rheinhardt May 2, 2019, 2:46 p.m.
Andreas Rheinhardt:
> The last argument of av_strlcpy is supposed to contain the size of the
> destination buffer, but it was filled with the size of the source
> string, effectively negating its very purpose.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
> As the author information in my previous patchset has been munged, I
> resend this to make the committer's job easier.
>  libavformat/webm_chunk.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/webm_chunk.c b/libavformat/webm_chunk.c
> index ec1ec4bf91..2c99753b5b 100644
> --- a/libavformat/webm_chunk.c
> +++ b/libavformat/webm_chunk.c
> @@ -96,7 +96,7 @@ static int get_chunk_filename(AVFormatContext *s, int is_header, char *filename)
>              av_log(oc, AV_LOG_ERROR, "No header filename provided\n");
>              return AVERROR(EINVAL);
>          }
> -        av_strlcpy(filename, wc->header_filename, strlen(wc->header_filename) + 1);
> +        av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE);
>      } else {
>          if (av_get_frame_filename(filename, MAX_FILENAME_SIZE,
>                                    s->url, wc->chunk_index - 1) < 0) {
> 
Ping for the whole patchset.

- Andreas
Michael Niedermayer May 2, 2019, 6:42 p.m.
On Sat, Apr 20, 2019 at 12:03:14AM +0200, Andreas Rheinhardt wrote:
> The last argument of av_strlcpy is supposed to contain the size of the
> destination buffer, but it was filled with the size of the source
> string, effectively negating its very purpose.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
> As the author information in my previous patchset has been munged, I
> resend this to make the committer's job easier.
>  libavformat/webm_chunk.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/webm_chunk.c b/libavformat/webm_chunk.c
> index ec1ec4bf91..2c99753b5b 100644
> --- a/libavformat/webm_chunk.c
> +++ b/libavformat/webm_chunk.c
> @@ -96,7 +96,7 @@ static int get_chunk_filename(AVFormatContext *s, int is_header, char *filename)
>              av_log(oc, AV_LOG_ERROR, "No header filename provided\n");
>              return AVERROR(EINVAL);
>          }
> -        av_strlcpy(filename, wc->header_filename, strlen(wc->header_filename) + 1);
> +        av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE);
>      } else {
>          if (av_get_frame_filename(filename, MAX_FILENAME_SIZE,
>                                    s->url, wc->chunk_index - 1) < 0) {
> -- 
> 2.21.0

will apply

[...]

Patch hide | download patch | download mbox

diff --git a/libavformat/webm_chunk.c b/libavformat/webm_chunk.c
index ec1ec4bf91..2c99753b5b 100644
--- a/libavformat/webm_chunk.c
+++ b/libavformat/webm_chunk.c
@@ -96,7 +96,7 @@  static int get_chunk_filename(AVFormatContext *s, int is_header, char *filename)
             av_log(oc, AV_LOG_ERROR, "No header filename provided\n");
             return AVERROR(EINVAL);
         }
-        av_strlcpy(filename, wc->header_filename, strlen(wc->header_filename) + 1);
+        av_strlcpy(filename, wc->header_filename, MAX_FILENAME_SIZE);
     } else {
         if (av_get_frame_filename(filename, MAX_FILENAME_SIZE,
                                   s->url, wc->chunk_index - 1) < 0) {