virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Code Issues Releases Activity

eval: replace variable-length array with av_malloc/free

Browse Source 
There is a theoretical possibility to pass a very long string to ff_parse,
which could crash if allocated from the stack.  This allows the allocation
to be checked properly.

Originally committed as revision 19670 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Måns Rullgård 2009-08-19 21:59:40 +00:00
parent 8313e17976
commit 0314dead4e
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/eval.c
View File

@ -369,8 +369,12 @@ AVEvalExpr * ff_parse(const char *s, const char * const *const_name,
double (**func2)(void *, double, double), const char **func2_name,
const char **error){
Parser p;
AVEvalExpr * e;
char w[strlen(s) + 1], * wp = w;
AVEvalExpr *e = NULL;
char *w = av_malloc(strlen(s) + 1);
char *wp = w;
if (!w)
goto end;
while (*s)
if (!isspace(*s++)) *wp++ = s[-1];
@ -388,8 +392,10 @@ AVEvalExpr * ff_parse(const char *s, const char * const *const_name,
e = parse_expr(&p);
if (!verify_expr(e)) {
ff_eval_free(e);
return NULL;
e = NULL;
}
end:
av_free(w);
return e;
}