1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-02 03:06:28 +02:00
FFmpeg/libavutil/bprint.c
Andreas Rheinhardt 8bea4a83aa avutil/bprint: Allow size == 0 in av_bprint_init_for_buffer()
The AVBPrint API guarantees that the string buffer is always
zero-terminated; in order to honour this guarantee, there
obviously must be a string buffer at all and it must have
a size >= 1. Therefore av_bprint_init_for_buffer() treats
passing a NULL buffer or size == 0 as invalid data that
leads to undefined behaviour, namely NPD in case NULL is provided
or a write to a buffer of size 0 in case size == 0.

But it would be easy to support this, namely by using the internal
buffer with AV_BPRINT_SIZE_COUNT_ONLY in case size == 0.

There is a reason to allow this: Several functions like
av_channel_(description|name) are actually wrappers
around corresponding AVBPrint functions. They accept user
provided buffers and are supposed to return the required
size of the buffer, which would allow the user to call
it once to get the required buffer size and call it once
more after having allocated the buffer.
If av_bprint_init_for_buffer() treats size == 0 as invalid,
all these users would need to check for this themselves
and basically add the same codeblock that this patch
adds to av_bprint_init_for_buffer().

This change is in line with e.g. snprintf() which also allows
the pointer to be NULL in case size is zero.

This fixes Coverity issues #1503074, #1503076 and #1503082;
all of these issues are about providing NULL to the channel-layout
functions that are wrappers around AVBPrint versions.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-08-10 08:53:38 +02:00

338 lines
10 KiB
C

/*
* Copyright (c) 2012 Nicolas George
*
* This file is part of FFmpeg.
*
* FFmpeg is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* FFmpeg is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "avstring.h"
#include "bprint.h"
#include "compat/va_copy.h"
#include "error.h"
#include "macros.h"
#include "mem.h"
#define av_bprint_room(buf) ((buf)->size - FFMIN((buf)->len, (buf)->size))
#define av_bprint_is_allocated(buf) ((buf)->str != (buf)->reserved_internal_buffer)
static int av_bprint_alloc(AVBPrint *buf, unsigned room)
{
char *old_str, *new_str;
unsigned min_size, new_size;
if (buf->size == buf->size_max)
return AVERROR(EIO);
if (!av_bprint_is_complete(buf))
return AVERROR_INVALIDDATA; /* it is already truncated anyway */
min_size = buf->len + 1 + FFMIN(UINT_MAX - buf->len - 1, room);
new_size = buf->size > buf->size_max / 2 ? buf->size_max : buf->size * 2;
if (new_size < min_size)
new_size = FFMIN(buf->size_max, min_size);
old_str = av_bprint_is_allocated(buf) ? buf->str : NULL;
new_str = av_realloc(old_str, new_size);
if (!new_str)
return AVERROR(ENOMEM);
if (!old_str)
memcpy(new_str, buf->str, buf->len + 1);
buf->str = new_str;
buf->size = new_size;
return 0;
}
static void av_bprint_grow(AVBPrint *buf, unsigned extra_len)
{
/* arbitrary margin to avoid small overflows */
extra_len = FFMIN(extra_len, UINT_MAX - 5 - buf->len);
buf->len += extra_len;
if (buf->size)
buf->str[FFMIN(buf->len, buf->size - 1)] = 0;
}
void av_bprint_init(AVBPrint *buf, unsigned size_init, unsigned size_max)
{
unsigned size_auto = (char *)buf + sizeof(*buf) -
buf->reserved_internal_buffer;
if (size_max == AV_BPRINT_SIZE_AUTOMATIC)
size_max = size_auto;
buf->str = buf->reserved_internal_buffer;
buf->len = 0;
buf->size = FFMIN(size_auto, size_max);
buf->size_max = size_max;
*buf->str = 0;
if (size_init > buf->size)
av_bprint_alloc(buf, size_init - 1);
}
void av_bprint_init_for_buffer(AVBPrint *buf, char *buffer, unsigned size)
{
if (size == 0) {
av_bprint_init(buf, 0, AV_BPRINT_SIZE_COUNT_ONLY);
return;
}
buf->str = buffer;
buf->len = 0;
buf->size = size;
buf->size_max = size;
*buf->str = 0;
}
void av_bprintf(AVBPrint *buf, const char *fmt, ...)
{
unsigned room;
char *dst;
va_list vl;
int extra_len;
while (1) {
room = av_bprint_room(buf);
dst = room ? buf->str + buf->len : NULL;
va_start(vl, fmt);
extra_len = vsnprintf(dst, room, fmt, vl);
va_end(vl);
if (extra_len <= 0)
return;
if (extra_len < room)
break;
if (av_bprint_alloc(buf, extra_len))
break;
}
av_bprint_grow(buf, extra_len);
}
void av_vbprintf(AVBPrint *buf, const char *fmt, va_list vl_arg)
{
unsigned room;
char *dst;
int extra_len;
va_list vl;
while (1) {
room = av_bprint_room(buf);
dst = room ? buf->str + buf->len : NULL;
va_copy(vl, vl_arg);
extra_len = vsnprintf(dst, room, fmt, vl);
va_end(vl);
if (extra_len <= 0)
return;
if (extra_len < room)
break;
if (av_bprint_alloc(buf, extra_len))
break;
}
av_bprint_grow(buf, extra_len);
}
void av_bprint_chars(AVBPrint *buf, char c, unsigned n)
{
unsigned room, real_n;
while (1) {
room = av_bprint_room(buf);
if (n < room)
break;
if (av_bprint_alloc(buf, n))
break;
}
if (room) {
real_n = FFMIN(n, room - 1);
memset(buf->str + buf->len, c, real_n);
}
av_bprint_grow(buf, n);
}
void av_bprint_append_data(AVBPrint *buf, const char *data, unsigned size)
{
unsigned room, real_n;
while (1) {
room = av_bprint_room(buf);
if (size < room)
break;
if (av_bprint_alloc(buf, size))
break;
}
if (room) {
real_n = FFMIN(size, room - 1);
memcpy(buf->str + buf->len, data, real_n);
}
av_bprint_grow(buf, size);
}
void av_bprint_strftime(AVBPrint *buf, const char *fmt, const struct tm *tm)
{
unsigned room;
size_t l;
if (!*fmt)
return;
while (1) {
room = av_bprint_room(buf);
if (room && (l = strftime(buf->str + buf->len, room, fmt, tm)))
break;
/* strftime does not tell us how much room it would need: let us
retry with twice as much until the buffer is large enough */
room = !room ? strlen(fmt) + 1 :
room <= INT_MAX / 2 ? room * 2 : INT_MAX;
if (av_bprint_alloc(buf, room)) {
/* impossible to grow, try to manage something useful anyway */
room = av_bprint_room(buf);
if (room < 1024) {
/* if strftime fails because the buffer has (almost) reached
its maximum size, let us try in a local buffer; 1k should
be enough to format any real date+time string */
char buf2[1024];
if ((l = strftime(buf2, sizeof(buf2), fmt, tm))) {
av_bprintf(buf, "%s", buf2);
return;
}
}
if (room) {
/* if anything else failed and the buffer is not already
truncated, let us add a stock string and force truncation */
static const char txt[] = "[truncated strftime output]";
memset(buf->str + buf->len, '!', room);
memcpy(buf->str + buf->len, txt, FFMIN(sizeof(txt) - 1, room));
av_bprint_grow(buf, room); /* force truncation */
}
return;
}
}
av_bprint_grow(buf, l);
}
void av_bprint_get_buffer(AVBPrint *buf, unsigned size,
unsigned char **mem, unsigned *actual_size)
{
if (size > av_bprint_room(buf))
av_bprint_alloc(buf, size);
*actual_size = av_bprint_room(buf);
*mem = *actual_size ? buf->str + buf->len : NULL;
}
void av_bprint_clear(AVBPrint *buf)
{
if (buf->len) {
*buf->str = 0;
buf->len = 0;
}
}
int av_bprint_finalize(AVBPrint *buf, char **ret_str)
{
unsigned real_size = FFMIN(buf->len + 1, buf->size);
char *str;
int ret = 0;
if (ret_str) {
if (av_bprint_is_allocated(buf)) {
str = av_realloc(buf->str, real_size);
if (!str)
str = buf->str;
buf->str = NULL;
} else {
str = av_memdup(buf->str, real_size);
if (!str)
ret = AVERROR(ENOMEM);
}
*ret_str = str;
} else {
if (av_bprint_is_allocated(buf))
av_freep(&buf->str);
}
buf->size = real_size;
return ret;
}
#define WHITESPACES " \n\t\r"
void av_bprint_escape(AVBPrint *dstbuf, const char *src, const char *special_chars,
enum AVEscapeMode mode, int flags)
{
const char *src0 = src;
if (mode == AV_ESCAPE_MODE_AUTO)
mode = AV_ESCAPE_MODE_BACKSLASH; /* TODO: implement a heuristic */
switch (mode) {
case AV_ESCAPE_MODE_QUOTE:
/* enclose the string between '' */
av_bprint_chars(dstbuf, '\'', 1);
for (; *src; src++) {
if (*src == '\'')
av_bprintf(dstbuf, "'\\''");
else
av_bprint_chars(dstbuf, *src, 1);
}
av_bprint_chars(dstbuf, '\'', 1);
break;
case AV_ESCAPE_MODE_XML:
/* escape XML non-markup character data as per 2.4 by default: */
/* [^<&]* - ([^<&]* ']]>' [^<&]*) */
/* additionally, given one of the AV_ESCAPE_FLAG_XML_* flags, */
/* escape those specific characters as required. */
for (; *src; src++) {
switch (*src) {
case '&' : av_bprintf(dstbuf, "%s", "&amp;"); break;
case '<' : av_bprintf(dstbuf, "%s", "&lt;"); break;
case '>' : av_bprintf(dstbuf, "%s", "&gt;"); break;
case '\'':
if (!(flags & AV_ESCAPE_FLAG_XML_SINGLE_QUOTES))
goto XML_DEFAULT_HANDLING;
av_bprintf(dstbuf, "%s", "&apos;");
break;
case '"' :
if (!(flags & AV_ESCAPE_FLAG_XML_DOUBLE_QUOTES))
goto XML_DEFAULT_HANDLING;
av_bprintf(dstbuf, "%s", "&quot;");
break;
XML_DEFAULT_HANDLING:
default: av_bprint_chars(dstbuf, *src, 1);
}
}
break;
/* case AV_ESCAPE_MODE_BACKSLASH or unknown mode */
default:
/* \-escape characters */
for (; *src; src++) {
int is_first_last = src == src0 || !*(src+1);
int is_ws = !!strchr(WHITESPACES, *src);
int is_strictly_special = special_chars && strchr(special_chars, *src);
int is_special =
is_strictly_special || strchr("'\\", *src) ||
(is_ws && (flags & AV_ESCAPE_FLAG_WHITESPACE));
if (is_strictly_special ||
(!(flags & AV_ESCAPE_FLAG_STRICT) &&
(is_special || (is_ws && is_first_last))))
av_bprint_chars(dstbuf, '\\', 1);
av_bprint_chars(dstbuf, *src, 1);
}
break;
}
}