[FFmpeg-devel] [PATCH] find_info_tag: Make sure the output buffer is null terminated

Ronald S. Bultje rsbultje
Tue Oct 5 18:52:46 CEST 2010


Hi,

On Tue, Oct 5, 2010 at 9:24 AM, Martin Storsjo <martin at martin.st> wrote:
> Currently, a tag without a = character makes the function return 1
> but leaves the arg buffer untouched (and thus not null terminated).
> ---
> ?libavformat/utils.c | ? ?2 +-
> ?1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index 5985511..a545a5d 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -3361,8 +3361,8 @@ int find_info_tag(char *arg, int arg_size, const char *tag1, const char *info)
> ? ? ? ? ? ? ? ? }
> ? ? ? ? ? ? ? ? p++;
> ? ? ? ? ? ? }
> - ? ? ? ? ? ?*q = '\0';
> ? ? ? ? }
> + ? ? ? ?*q = '\0';
> ? ? ? ? if (!strcmp(tag, tag1))
> ? ? ? ? ? ? return 1;
> ? ? ? ? if (*p != '&')
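Review bot: the relocated `*q = '\0';` after the closing brace of the `if (*p == '=')` block is now an unconditional store on every pass of the loop, and nothing in the hunk checks `arg_size` before it. Going by the `q = arg;` shown in the reply's excerpt, for a tag without a value it writes to `arg[0]`, so if any caller can pass a zero-length buffer the store should be guarded, for example `if (arg_size > 0) *q = '\0';`. The store also sits ahead of the `strcmp(tag, tag1)` test, so `arg` is rewritten for tags that do not match. It would help to document that a tag present without `=` returns 1 with `arg` set to the empty string.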
[..]
        *q = '\0'; <----------- !!!!!
        q = arg;
        if (*p == '=') {
            p++;
            while (*p != '&' && *p != '\0') {
                if ((q - arg) < arg_size - 1) {
                    if (*p == '+')
                        *q++ = ' ';
                    else
                        *q++ = *p;
                }
                p++;
            }
            *q = '\0';
        }

I don't think this is an actual issue... ?

Ronald
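The case named in the patch description, a tag with no `=`, run before and after the change, as an added example that is not code from this thread or from FFmpeg. The value-copy loop follows the excerpt quoted above; the tag-scanning loop, the `patched` switch, the helper `first_byte_after_lookup` and the query strings are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
/* Reconstruction; the tag-scanning loop and `patched` switch are assumptions. */
static int find_info_tag_demo(char *arg, int arg_size, const char *tag1,
                              const char *info, int patched)
{
    const char *p = (*info == '?') ? info + 1 : info;
    char tag[128], *q;
    for (;;) {
        q = tag;
        while (*p != '\0' && *p != '=' && *p != '&') {
            if ((size_t)(q - tag) < sizeof(tag) - 1)
                *q++ = *p;
            p++;
        }
        *q = '\0';               /* terminates tag, not arg */
        q = arg;
        if (*p == '=') {
            p++;
            while (*p != '&' && *p != '\0') {
                if ((q - arg) < arg_size - 1)
                    *q++ = (*p == '+') ? ' ' : *p;
                p++;
            }
            if (!patched)
                *q = '\0';       /* before: only reached when '=' is present */
        }
        if (patched)
            *q = '\0';           /* after: arg is terminated on every pass */
        if (!strcmp(tag, tag1))
            return 1;
        if (*p != '&')
            break;
        p++;
    }
    return 0;
}
/* Hypothetical helper: arg[0] after a lookup, -1 if absent; 'X' = stale data. */
static int first_byte_after_lookup(const char *info, const char *tag, int patched)
{
    char arg[16];
    memset(arg, 'X', sizeof(arg));   /* constructed sentinel fill */
    return find_info_tag_demo(arg, (int)sizeof(arg), tag, info, patched) ? arg[0] : -1;
}
int main(void)
{
    printf("before: %d  after: %d\n", first_byte_after_lookup("?ttl=5&multicast", "multicast", 0), first_byte_after_lookup("?ttl=5&multicast", "multicast", 1));
    return 0;
}
```

With the constructed input `?ttl=5&multicast`, the pre-patch path returns 1 for `multicast` while `arg` still holds the `5` copied for `ttl`; the patched path leaves an empty string.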


