avformat/dashdec: Ensure strings are zero-terminated

strncpy only ensures that one does not write beyond the end of the
destination buffer; in case of truncation it does not zero-terminate
the destination buffer. This makes using it the way it is now in the
DASH demuxer dangerous. So use av_strlcpy instead.

Also don't write anything if there is no id: The buffer has already been
zeroed initially.

The DASH testset from the Universität Klagenfurt contains samples with
ids that are too long. E.g.
http://ftp.itec.aau.at/datasets/DASHDataset2014/TearsOfSteel/1sec/TearsOfSteel_1s_simple_2014_05_09.mpd

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
index b82805c9ce7d6ed6fab39156b2372469e5a8dad6..3a12aefa681e57d63844907bb3bbe273eb0db772 100644 (file)
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@@ -1042,7 +1042,8 @@ static int parse_manifest_representation(AVFormatContext *s, const char *url,
     if (rep->fragment_duration > 0 && !rep->fragment_timescale)
         rep->fragment_timescale = 1;
     rep->bandwidth = rep_bandwidth_val ? atoi(rep_bandwidth_val) : 0;
-    strncpy(rep->id, rep_id_val ? rep_id_val : "", sizeof(rep->id));
+    if (rep_id_val)
+        av_strlcpy(rep->id, rep_id_val, sizeof(rep->id));
     rep->framerate = av_make_q(0, 0);
     if (type == AVMEDIA_TYPE_VIDEO) {
         char *rep_framerate_val = xmlGetProp(representation_node, "frameRate");