On 10/26/23 07:32, Andreas Rheinhardt wrote:

This case can't happen here, because it only copies
"sizeof(rend->language) - langlen - 2" bytes at most from position where
sizeof(rend->language) - langlen - 1 are available, so the initial
trailing \0 never gets touched. You did not touch the size part of the
call, so you effectively only use sizeof(rend->language) - 1 bytes of
the buffer, thereby making the truncation issue worse. And even if you
fixed this part, you would still just have silenced the truncation
instead of fixing it.

- Andreas


Truncation can happen if info->assoc_language is very long, i.e. uses the full buffer (63 chars plus a 64th for nul).

In that case, strncpy will truncate, but because there's a -2 in the size argument, instead of -1, the resulting buffer will still be nul-terminated. The compiler doesn't know this, so it produces a warning.

It seems the appropriate fix here is to change strncpy to av_strlcpy but also change the -2 to a -1. This will produce identical behavior to before, but it won't cause the compiler to produce a warning that the string might not be nul-terminated (because it will always be).

- Leo Izen (Traneptora)
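
The three variants discussed in this thread, as an added example that is not from either message or from FFmpeg's source: the original strncpy with -2, strlcpy semantics with the -2 left unchanged, and strlcpy semantics with -1. `lcpy`, `append_lang`, `LANG_SIZE`, the `'-'` separator, the length guard and the zero-initialised buffer are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define LANG_SIZE 64 /* 63 chars plus a 64th for nul, as in the thread */

/* Local stand-in with strlcpy semantics (copy at most size-1 bytes, always
 * nul-terminate, return strlen(src)); not FFmpeg's av_strlcpy itself. */
static size_t lcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

enum { STRNCPY_M2, STRLCPY_M2, STRLCPY_M1 };

/* Write base + "-" + assoc into a zeroed LANG_SIZE buffer; return its strlen. */
static size_t append_lang(char *out, const char *base, const char *assoc, int variant)
{
    memset(out, 0, LANG_SIZE);
    lcpy(out, base, LANG_SIZE);
    size_t langlen = strlen(out);
    if (langlen >= LANG_SIZE - 3)            /* guard added for this example */
        return langlen;
    out[langlen] = '-';
    char  *dst  = out + langlen + 1;
    size_t room = LANG_SIZE - langlen - 1;   /* bytes available at dst */
    switch (variant) {
    case STRNCPY_M2: strncpy(dst, assoc, room - 1); break; /* relies on zeroed last byte */
    case STRLCPY_M2: lcpy(dst, assoc, room - 1);    break; /* swap only: one char fewer */
    case STRLCPY_M1: lcpy(dst, assoc, room);        break; /* swap and -2 -> -1 */
    }
    return strlen(out);
}

int main(void)
{
    char out[LANG_SIZE], longsrc[LANG_SIZE];
    memset(longsrc, 'x', LANG_SIZE - 1);     /* constructed 63-char input */
    longsrc[LANG_SIZE - 1] = '\0';
    printf("strncpy, -2: %zu\n", append_lang(out, "en", longsrc, STRNCPY_M2));
    printf("strlcpy, -2: %zu\n", append_lang(out, "en", longsrc, STRLCPY_M2));
    printf("strlcpy, -1: %zu\n", append_lang(out, "en", longsrc, STRLCPY_M1));
    return 0;
}
```

With an overlong source, the first and third variants fill the buffer to 63 characters, while the middle one stops at 62. In all three the input is still truncated.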
