author wm4 <nfxjfg@googlemail.com> 2018-03-08 04:52:36 +0100
committer wm4 <nfxjfg@googlemail.com> 2018-03-18 12:36:24 +0100
commit b7d842c554b1fec051ca906f446f7311139c5725
tree 4b47cc1573159597bdd91cd9e2450bcab98de754
parent c0687acbf6094053834af6a20e9d71b455842c8c
http: fix potentially dangerous whitespace skipping code
If the string consists entirely of whitespace, this could in theory continue to write '\0' before the start of the memory allocation. In practice, it didn't really happen: the generic HTTP header parsing code already skips leading whitespaces, so the string is either empty, or consists of a non-whitespace. (The generic code and the cookie code actually have different ideas about what bytes are whitespace: the former uses av_isspace(), the latter uses WHITESPACES. Fortunately, av_isspace() is a superset of the http.c specific WHITESPACES, so there's probably no case where the above assumption could have been broken.)
-rw-r--r-- libavformat/http.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/http.c b/libavformat/http.c
index 59f90ac603..983034f083 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -760,6 +760,8 @@ static int parse_set_cookie(const char *set_cookie, AVDictionary **dict)
back = &cstr[strlen(cstr)-1];
while (strchr(WHITESPACES, *back)) {
*back='\0';
+ if (back == cstr)
+ break;
back--;
}
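Review bot: the new `back == cstr` check only guards the decrement inside the loop; the context line `back = &cstr[strlen(cstr)-1];` still yields `cstr - 1` when `cstr` is empty, and the loop condition reads `*back` before the check is reached. The commit message itself says the string can be empty, so that case is reachable. Because `strchr()` also matches the terminating '\0' of `WHITESPACES`, a zero byte or whitespace byte sitting in front of the buffer would enter the loop, get overwritten, and then skip the `back == cstr` test, since `back` is already below `cstr`. Suggest returning or skipping the trim when `*cstr` is '\0' before `back` is computed, or making the loop length-based (trim while the length is non-zero and `cstr[len-1]` is in `WHITESPACES`), so that no pointer before `cstr` is ever formed.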