If an URI indicated that the data protocol was in use, it would be
copied into a temporary buffer via strncpy(dst, src, strlen(src)),
thereby ensuring that the trailing \0 would not be copied, despite dst
being uninitialized. dst would then be av_strdup'ed, leading to
potential segfaults.
The solution to this is simple: Don't copy the URI in the temporary
buffer at all, instead av_strdup it directly.
This fixes a -Wstringop-truncation warning emitted by GCC 9.2.
Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
const char *url_base)
{
struct segment *sec;
- char *ptr;
- char tmp_str[MAX_URL_SIZE];
+ char tmp_str[MAX_URL_SIZE], *ptr = tmp_str;
if (!info->uri[0])
return NULL;
return NULL;
if (!av_strncasecmp(info->uri, "data:", 5)) {
- strncpy(tmp_str, info->uri, strlen(info->uri));
+ ptr = info->uri;
} else {
ff_make_absolute_url(tmp_str, sizeof(tmp_str), url_base, info->uri);
}
- sec->url = av_strdup(tmp_str);
+ sec->url = av_strdup(ptr);
if (!sec->url) {
av_free(sec);
return NULL;