[FFmpeg-devel] [PATCHv2] ffserver: fix incorrect strlcpy usage

Ganesh Ajjanagadde gajjanag at mit.edu
Tue Nov 10 01:32:51 CET 2015


On Mon, Nov 9, 2015 at 6:50 PM, Michael Niedermayer
<michael at niedermayer.cc> wrote:
> On Sat, Nov 07, 2015 at 07:21:59AM -0500, Ganesh Ajjanagadde wrote:
>> Somewhat ironic that this "safe" interface is actually being used
>> unsafely here. This fixes the usage preventing potential null pointer
>> dereference, where the old code was doubly broken: ctime can return
>> NULL, and ctime can return an arbitrarily long buffer.
>>
>> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde at gmail.com>
>> ---
>>  ffserver.c | 8 ++++++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/ffserver.c b/ffserver.c
>> index 526cbfc..c1746dc 100644
>> --- a/ffserver.c
>> +++ b/ffserver.c
>> @@ -305,15 +305,19 @@ static void ffm_set_write_index(AVFormatContext *s, int64_t pos,
>>      ffm->file_size = file_size;
>>  }
>>
>> -static char *ctime1(char *buf2, int buf_size)
>> +static char *ctime1(char *buf2, size_t buf_size)
>>  {
>>      time_t ti;
>>      char *p;
>>
>>      ti = time(NULL);
>>      p = ctime(&ti);
>> +    if (!p || !strcmp(p, "")) {
>
> can be simplified to !p || !*p
> otherwise LGTM

pushed with change, thanks all.

>
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Let us carefully observe those good qualities wherein our enemies excel us
> and endeavor to excel them, by avoiding what is faulty, and imitating what
> is excellent in them. -- Plutarch
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>


More information about the ffmpeg-devel mailing list