[FFmpeg-devel] [PATCH] Handling special characters in a URL.

Michael Niedermayer michaelni at gmx.at
Fri Mar 1 03:19:07 CET 2013


On Fri, Mar 01, 2013 at 06:45:30AM +0530, Senthilnathan Maadasamy wrote:
> On Thu, Feb 28, 2013 at 6:09 AM, Michael Niedermayer <michaelni at gmx.at>wrote:
> 
> >
> > > +    while (c = *src) {
> >
> > null pointer dereference
> >
> Added a check to fix this.
> 
> >
> >
> > > +        if (isalnum(c) || strchr("-._~%", c)
> > > +            || (allowed && strchr(allowed, c))) {
> > > +            if (enc_len+1 < MAX_URL_SIZE) enc[enc_len] = c;
> > > +            else break;
> > > +            enc_len++;
> > > +        } else {
> > > +            if (enc_len+3 < MAX_URL_SIZE) snprintf(&enc[enc_len], 4,
> > "%%%02x", c);
> > > +            else break;
> > > +            enc_len += 3;
> > > +        }
> > > +        src++;
> > > +    }
> > > +
> >
> > > +    enc[enc_len++] = '\0';
> >
> > i suspect this can write outside of the array
> >
> No.  The previous two comparisons of enc_len with MAX_URL_SIZE make sure
> that there is always place for the trailing NULL character.

consider component_size == 0


> 
> >
> >
> > > +    if (enc_len <= component_size) {
> >
> > > +        av_strlcpy(component, enc, component_size);
> >
> > this encodes things like
> > A.B.C.D?ttl=123
> > which thebn fail apparently
> >
> I have added '=' to the list of character which must not be encoded.
> I have tried my best to test different cases.  Please let me know if it
> needs further changes.

ill run some tests

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130301/87db7bd7/attachment.asc>


More information about the ffmpeg-devel mailing list