virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-07-11 14:30:22 +02:00
Code Issues Releases Activity

http: fix potentially dangerous whitespace skipping code

Browse Source 
If the string consists entirely of whitespace, this could in theory
continue to write '\0' before the start of the memory allocation. In
practice, it didn't really happen: the generic HTTP header parsing code
already skips leading whitespaces, so the string is either empty, or
consists a non-whitespace. (The generic code and the cookie code
actually have different ideas about what bytes are whitespace: the
former uses av_isspace(), the latter uses WHITESPACES. Fortunately,
av_isspace() is a super set of the http.c specific WHITESPACES, so
there's probably no case where the above assumption could have been
broken.)
This commit is contained in:
wm4
2018-03-08 04:52:36 +01:00
parent c0687acbf6
commit b7d842c554
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/http.c
View File

@ -760,6 +760,8 @@ static int parse_set_cookie(const char *set_cookie, AVDictionary **dict)
back = &cstr[strlen(cstr)-1]; back = &cstr[strlen(cstr)-1];
while (strchr(WHITESPACES, *back)) { while (strchr(WHITESPACES, *back)) {
*back='\0'; *back='\0';
if (back == cstr)
break;
back--; back--;
} }