From 9dfc409e6b18d2984bdd5f041413173549e0fdd5 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Tue, 3 Mar 2020 03:41:13 +0100 Subject: avformat/hls: Don't strdup non-null-terminated string If an URI indicated that the data protocol was in use, it would be copied into a temporary buffer via strncpy(dst, src, strlen(src)), thereby ensuring that the trailing \0 would not be copied, despite dst being uninitialized. dst would then be av_strdup'ed, leading to potential segfaults. The solution to this is simple: Don't copy the URI in the temporary buffer at all, instead av_strdup it directly. This fixes a -Wstringop-truncation warning emitted by GCC 9.2. Reviewed-by: Steven Liu Signed-off-by: Andreas Rheinhardt --- libavformat/hls.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 1f58e745a7..fc45719d1c 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -403,8 +403,7 @@ static struct segment *new_init_section(struct playlist *pls, const char *url_base) { struct segment *sec; - char *ptr; - char tmp_str[MAX_URL_SIZE]; + char tmp_str[MAX_URL_SIZE], *ptr = tmp_str; if (!info->uri[0]) return NULL; @@ -414,11 +413,11 @@ static struct segment *new_init_section(struct playlist *pls, return NULL; if (!av_strncasecmp(info->uri, "data:", 5)) { - strncpy(tmp_str, info->uri, strlen(info->uri)); + ptr = info->uri; } else { ff_make_absolute_url(tmp_str, sizeof(tmp_str), url_base, info->uri); } - sec->url = av_strdup(tmp_str); + sec->url = av_strdup(ptr); if (!sec->url) { av_free(sec); return NULL; -- cgit v1.2.3