From patchwork Sat Aug 22 23:04:33 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 21823
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 01:04:33 +0200
Message-Id: <20200822230434.11347-2-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 2/3] avfilter/graphparser: Don't set pointer to one beyond '\0' of string

This happened in parse_link_name() if there was a '[' without matching ']'. While this is not undefined behaviour (pointer arithmetic one beyond the end of an array works fine as long as there are no accesses), it is potentially dangerous. It currently isn't (all callers of parse_link_name() treat this as an error and don't access the string any more), but making sure that this will never cause trouble in the future seems nevertheless worthwhile.

Signed-off-by: Andreas Rheinhardt
--- libavfilter/graphparser.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c index dfb94788e1..e96b20418e 100644 --- a/libavfilter/graphparser.c +++ b/libavfilter/graphparser.c @@ -63,7 +63,7 @@ static char *parse_link_name(const char **buf, void *log_ctx) name = av_get_token(buf, "]"); if (!name) - goto fail; + return NULL; if (!name[0]) { av_log(log_ctx, AV_LOG_ERROR, 
@@ -71,12 +71,14 @@ static char *parse_link_name(const char **buf, void *log_ctx) goto fail; } - if (*(*buf)++ != ']') { + if (**buf != ']') { av_log(log_ctx, AV_LOG_ERROR, "Mismatched '[' found in the following: \"%s\".\n", start); fail: av_freep(&name); + return NULL; } + (*buf)++; return name; }
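
Review bot: in the first hunk (@@ -63,7 +63,7 @@), the switch from `goto fail;` to `return NULL;` on the `!name` path is not mentioned in the commit message, which only covers the '[' without matching ']' case. With `name` being NULL at that point, the `fail:` path in the second hunk (`av_freep(&name); return NULL;`) would give the same result, so this reads as a cleanup unrelated to the pointer fix. Either keep `goto fail;` here so the patch carries a single behavioural change, or add a sentence to the commit message saying this line is a simplification with no functional effect.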
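
Review bot: in the second hunk (@@ -71,12 +71,14 @@), the `fail:` label still sits inside the body of `if (**buf != ']')`, and the `goto fail;` in the context lines above jumps into that block. Now that the block ends in `return NULL;`, the label no longer needs to live there: moving `fail:` together with `av_freep(&name); return NULL;` to the end of the function, after `return name;`, gives a conventional cleanup tail and makes it easier to see which paths advance `*buf`. A short comment next to `(*buf)++;` saying that the cursor is only moved past a matched ']' would also record the invariant the commit message argues for, so a later edit does not fold the increment back into the comparison.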
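
The cursor invariant the commit message describes, as an added example that is not FFmpeg code and not part of the patch. All four function names are hypothetical, and `scan_to_bracket` is a simplified stand-in (an assumption) for the `av_get_token(buf, "]")` call, with the sample strings constructed for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the token scan: advance *cur to the
 * first ']' or to the terminating '\0', whichever comes first. */
static void scan_to_bracket(const char **cur)
{
    while (**cur && **cur != ']')
        (*cur)++;
}

/* Pre-patch shape: comparison and increment are fused, so the cursor moves
 * even when the byte that was compared is the terminator. */
static int close_label_fused(const char **cur)
{
    scan_to_bracket(cur);
    return *(*cur)++ == ']' ? 0 : -1;
}

/* Post-patch shape: look first, consume only a real ']'. */
static int close_label_checked(const char **cur)
{
    scan_to_bracket(cur);
    if (**cur != ']')
        return -1;
    (*cur)++;
    return 0;
}

/* Invariant a caller can rely on: the cursor stays within [s, s + strlen(s)].
 * Returns how many bytes past the terminator the cursor ended up (0 = fine).
 * Only offsets are computed; nothing beyond the '\0' is ever read. */
static size_t overshoot(int (*close_label)(const char **), const char *s)
{
    const char *cur = s + 1;            /* skip the opening '[' */
    close_label(&cur);
    size_t off = (size_t)(cur - s), len = strlen(s);
    return off > len ? off - len : 0;
}
```

An assertion of the form `overshoot(parser, input) == 0` over malformed inputs is the kind of regression check that keeps a later refactor from reintroducing the fused increment.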