[FFmpeg-devel,v2] avformat/dashenc: remove the arbitrary restrictions for filename

From: Limin Wang <lance.lmwang@gmail.com>

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
---
 libavformat/dashenc.c | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

lance.lmwang@gmail.com:
> From: Limin Wang <lance.lmwang@gmail.com>
> 
> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
> ---
>  libavformat/dashenc.c | 28 ++++++++++++----------------
>  1 file changed, 12 insertions(+), 16 deletions(-)
> 
> diff --git a/libavformat/dashenc.c b/libavformat/dashenc.c
> index 94d4639..f80f6f2 100644
> --- a/libavformat/dashenc.c
> +++ b/libavformat/dashenc.c
> @@ -1832,28 +1832,24 @@ static void dashenc_delete_file(AVFormatContext *s, char *filename) {
>  static int dashenc_delete_segment_file(AVFormatContext *s, const char* file)
>  {
>      DASHContext *c = s->priv_data;
> -    size_t dirname_len, file_len;
> -    char filename[1024];
> -
> -    dirname_len = strlen(c->dirname);
> -    if (dirname_len >= sizeof(filename)) {
> -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the directory path is too long: %"PRIu64" characters: %s\n",
> -            (uint64_t)dirname_len, c->dirname);
> -        return AVERROR(ENAMETOOLONG);
> -    }
> +    char *filename;
> +    AVBPrint buf;
>  
> -    memcpy(filename, c->dirname, dirname_len);
> +    av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
>  
> -    file_len = strlen(file);
> -    if ((dirname_len + file_len) >= sizeof(filename)) {
> -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the path is too long: %"PRIu64" characters: %s%s\n",
> -            (uint64_t)(dirname_len + file_len), c->dirname, file);
> -        return AVERROR(ENAMETOOLONG);
> +    av_bprintf(&buf, "%s%s", c->dirname, file);
> +    if (!av_bprint_is_complete(&buf)) {
> +        av_bprint_finalize(&buf, NULL);
> +        return AVERROR(ENOMEM);
> +    }
> +    if (av_bprint_finalize(&buf, &filename) < 0) {

No, don't finalize the AVBPrint -- this will make an allocation even if
the string fits into the internal buffer of the AVBPrint. Instead simply
use buf.str directly for dashenc_delete_file().

- Andreas

> +        av_log(s, AV_LOG_WARNING, "Out of memory for filename\n");
> +        return AVERROR(ENOMEM);
>      }
>  
> -    memcpy(filename + dirname_len, file, file_len + 1); // include the terminating zero
>      dashenc_delete_file(s, filename);
>  
> +    av_freep(&filename);
>      return 0;
>  }
>  
>

On Wed, Apr 08, 2020 at 01:54:12AM +0200, Andreas Rheinhardt wrote:
> lance.lmwang@gmail.com:
> > From: Limin Wang <lance.lmwang@gmail.com>
> > 
> > Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
> > ---
> >  libavformat/dashenc.c | 28 ++++++++++++----------------
> >  1 file changed, 12 insertions(+), 16 deletions(-)
> > 
> > diff --git a/libavformat/dashenc.c b/libavformat/dashenc.c
> > index 94d4639..f80f6f2 100644
> > --- a/libavformat/dashenc.c
> > +++ b/libavformat/dashenc.c
> > @@ -1832,28 +1832,24 @@ static void dashenc_delete_file(AVFormatContext *s, char *filename) {
> >  static int dashenc_delete_segment_file(AVFormatContext *s, const char* file)
> >  {
> >      DASHContext *c = s->priv_data;
> > -    size_t dirname_len, file_len;
> > -    char filename[1024];
> > -
> > -    dirname_len = strlen(c->dirname);
> > -    if (dirname_len >= sizeof(filename)) {
> > -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the directory path is too long: %"PRIu64" characters: %s\n",
> > -            (uint64_t)dirname_len, c->dirname);
> > -        return AVERROR(ENAMETOOLONG);
> > -    }
> > +    char *filename;
> > +    AVBPrint buf;
> >  
> > -    memcpy(filename, c->dirname, dirname_len);
> > +    av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
> >  
> > -    file_len = strlen(file);
> > -    if ((dirname_len + file_len) >= sizeof(filename)) {
> > -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the path is too long: %"PRIu64" characters: %s%s\n",
> > -            (uint64_t)(dirname_len + file_len), c->dirname, file);
> > -        return AVERROR(ENAMETOOLONG);
> > +    av_bprintf(&buf, "%s%s", c->dirname, file);
> > +    if (!av_bprint_is_complete(&buf)) {
> > +        av_bprint_finalize(&buf, NULL);
> > +        return AVERROR(ENOMEM);
> > +    }
> > +    if (av_bprint_finalize(&buf, &filename) < 0) {
> 
> No, don't finalize the AVBPrint -- this will make an allocation even if
> the string fits into the internal buffer of the AVBPrint. Instead simply
> use buf.str directly for dashenc_delete_file().

OK, I have update the patch, please help to review whether my understand is correct.
thx.

> 
> - Andreas
> 
> > +        av_log(s, AV_LOG_WARNING, "Out of memory for filename\n");
> > +        return AVERROR(ENOMEM);
> >      }
> >  
> > -    memcpy(filename + dirname_len, file, file_len + 1); // include the terminating zero
> >      dashenc_delete_file(s, filename);
> >  
> > +    av_freep(&filename);
> >      return 0;
> >  }
> >  
> > 
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

lance.lmwang@gmail.com (12020-04-08):
> From: Limin Wang <lance.lmwang@gmail.com>
> 
> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
> ---
>  libavformat/dashenc.c | 28 ++++++++++++----------------
>  1 file changed, 12 insertions(+), 16 deletions(-)
> 
> diff --git a/libavformat/dashenc.c b/libavformat/dashenc.c
> index 94d4639..f80f6f2 100644
> --- a/libavformat/dashenc.c
> +++ b/libavformat/dashenc.c
> @@ -1832,28 +1832,24 @@ static void dashenc_delete_file(AVFormatContext *s, char *filename) {
>  static int dashenc_delete_segment_file(AVFormatContext *s, const char* file)
>  {
>      DASHContext *c = s->priv_data;
> -    size_t dirname_len, file_len;
> -    char filename[1024];
> -
> -    dirname_len = strlen(c->dirname);
> -    if (dirname_len >= sizeof(filename)) {
> -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the directory path is too long: %"PRIu64" characters: %s\n",
> -            (uint64_t)dirname_len, c->dirname);
> -        return AVERROR(ENAMETOOLONG);
> -    }
> +    char *filename;
> +    AVBPrint buf;
>  
> -    memcpy(filename, c->dirname, dirname_len);
> +    av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
>  
> -    file_len = strlen(file);
> -    if ((dirname_len + file_len) >= sizeof(filename)) {
> -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the path is too long: %"PRIu64" characters: %s%s\n",
> -            (uint64_t)(dirname_len + file_len), c->dirname, file);
> -        return AVERROR(ENAMETOOLONG);
> +    av_bprintf(&buf, "%s%s", c->dirname, file);
> +    if (!av_bprint_is_complete(&buf)) {
> +        av_bprint_finalize(&buf, NULL);
> +        return AVERROR(ENOMEM);
> +    }

> +    if (av_bprint_finalize(&buf, &filename) < 0) {
> +        av_log(s, AV_LOG_WARNING, "Out of memory for filename\n");
> +        return AVERROR(ENOMEM);

Do not finalize into a variable if the variable does not outlive the
AVBPrint structure, just use the string directly and finalize to NULL.

>      }
>  
> -    memcpy(filename + dirname_len, file, file_len + 1); // include the terminating zero
>      dashenc_delete_file(s, filename);
>  
> +    av_freep(&filename);
>      return 0;
>  }

Regards,

Nicolas George:
> lance.lmwang@gmail.com (12020-04-08):
>> From: Limin Wang <lance.lmwang@gmail.com>
>>
>> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
>> ---
>>  libavformat/dashenc.c | 28 ++++++++++++----------------
>>  1 file changed, 12 insertions(+), 16 deletions(-)
>>
>> diff --git a/libavformat/dashenc.c b/libavformat/dashenc.c
>> index 94d4639..f80f6f2 100644
>> --- a/libavformat/dashenc.c
>> +++ b/libavformat/dashenc.c
>> @@ -1832,28 +1832,24 @@ static void dashenc_delete_file(AVFormatContext *s, char *filename) {
>>  static int dashenc_delete_segment_file(AVFormatContext *s, const char* file)
>>  {
>>      DASHContext *c = s->priv_data;
>> -    size_t dirname_len, file_len;
>> -    char filename[1024];
>> -
>> -    dirname_len = strlen(c->dirname);
>> -    if (dirname_len >= sizeof(filename)) {
>> -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the directory path is too long: %"PRIu64" characters: %s\n",
>> -            (uint64_t)dirname_len, c->dirname);
>> -        return AVERROR(ENAMETOOLONG);
>> -    }
>> +    char *filename;
>> +    AVBPrint buf;
>>  
>> -    memcpy(filename, c->dirname, dirname_len);
>> +    av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
>>  
>> -    file_len = strlen(file);
>> -    if ((dirname_len + file_len) >= sizeof(filename)) {
>> -        av_log(s, AV_LOG_WARNING, "Cannot delete segments as the path is too long: %"PRIu64" characters: %s%s\n",
>> -            (uint64_t)(dirname_len + file_len), c->dirname, file);
>> -        return AVERROR(ENAMETOOLONG);
>> +    av_bprintf(&buf, "%s%s", c->dirname, file);
>> +    if (!av_bprint_is_complete(&buf)) {
>> +        av_bprint_finalize(&buf, NULL);
>> +        return AVERROR(ENOMEM);
>> +    }
> 
>> +    if (av_bprint_finalize(&buf, &filename) < 0) {
>> +        av_log(s, AV_LOG_WARNING, "Out of memory for filename\n");
>> +        return AVERROR(ENOMEM);
> 
> Do not finalize into a variable if the variable does not outlive the
> AVBPrint structure, just use the string directly and finalize to NULL.
> 
You are commenting on an outdated version of this patch (and saying much
the same as I did). Current version is [1].

- Andreas

[1]: https://ffmpeg.org/pipermail/ffmpeg-devel/2020-April/260048.html

Andreas Rheinhardt (12020-04-08):
> You are commenting on an outdated version of this patch (and saying much
> the same as I did). Current version is [1].

I made the same comment as you on the same patch as you because I had
not seen your comment at the time I sent.

Regards,