On 12/03/14 16:28, Alessandro Ghedini wrote:
> The icy_metadata_headers string never gets initialized, so, during the first
> call to av_strlcatf() in parse_icy(), strlen() will be called on a pointer to
> uninitialized memory. At best this causes some garbage data to be left at the
> start of the string.
>
> By initializing icy_metadata_headers to the empty string, the first call to
> strlen() will always return 0, so that data is appended from the start of the
> string.
> ---
> libavformat/http.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavformat/http.c b/libavformat/http.c
> index fde7a07..948930a 100644
> --- a/libavformat/http.c
> +++ b/libavformat/http.c
> @@ -405,6 +405,7 @@ static int parse_content_encoding(URLContext *h, const
> char *p)
> static int parse_icy(HTTPContext *s, const char *tag, const char *p)
> {
> int len = 4 + strlen(p) + strlen(tag);
> + int is_first = !s->icy_metadata_headers;
> int ret;
>
> if (s->icy_metadata_headers)
> @@ -413,6 +414,9 @@ static int parse_icy(HTTPContext *s, const char *tag,
> const char *p)
> if ((ret = av_reallocp(&s->icy_metadata_headers, len)) < 0)
> return ret;
>
> + if (is_first)
> + *s->icy_metadata_headers = '\0';
> +
> av_strlcatf(s->icy_metadata_headers, len, "%s: %s\n", tag, p);
>
> return 0;
>
Thanks for patching it up.
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
