avformat/hls: Don't strdup non-null-terminated string

If an URI indicated that the data protocol was in use, it would be
copied into a temporary buffer via strncpy(dst, src, strlen(src)),
thereby ensuring that the trailing \0 would not be copied, despite dst
being uninitialized. dst would then be av_strdup'ed, leading to
potential segfaults.

The solution to this is simple: Don't copy the URI in the temporary
buffer at all, instead av_strdup it directly.

This fixes a -Wstringop-truncation warning emitted by GCC 9.2.

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

diff --git a/libavformat/hls.c b/libavformat/hls.c
index 1f58e745a7b81efc8d8b94c4a55bd551a1ae58cb..fc45719d1c0171415a459f5e59a486a716f29309 100644 (file)
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -403,8 +403,7 @@ static struct segment *new_init_section(struct playlist *pls,
                                         const char *url_base)
 {
     struct segment *sec;
-    char *ptr;
-    char tmp_str[MAX_URL_SIZE];
+    char tmp_str[MAX_URL_SIZE], *ptr = tmp_str;
 
     if (!info->uri[0])
         return NULL;
@@ -414,11 +413,11 @@ static struct segment *new_init_section(struct playlist *pls,
         return NULL;
 
     if (!av_strncasecmp(info->uri, "data:", 5)) {
-        strncpy(tmp_str, info->uri, strlen(info->uri));
+        ptr = info->uri;
     } else {
         ff_make_absolute_url(tmp_str, sizeof(tmp_str), url_base, info->uri);
     }
-    sec->url = av_strdup(tmp_str);
+    sec->url = av_strdup(ptr);
     if (!sec->url) {
         av_free(sec);
         return NULL;