On 13/02/2018 06:18, Sean McGovern wrote:
Using strcmp() with constant arrays in recent versions of GCC,
the compiler will "optimize" the calls to use memcmp() instead.

This can be problematic as some implementations of memcmp() are written
to compare full words at a time which can cause an out-of-bounds read.

Avoid the invalid read by using strncmp() instead.
---
  libavformat/network.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/network.c b/libavformat/network.c
index 86d7955..2bbbb93 100644
--- a/libavformat/network.c
+++ b/libavformat/network.c
@@ -252,7 +252,7 @@ static int match_host_pattern(const char *pattern, const 
char *hostname)
      if (len_p > len_h)
          return 0;
      // Simply check if the end of hostname is equal to 'pattern'
-    if (!strcmp(pattern, &hostname[len_h - len_p])) {
+    if (!strncmp(pattern, &hostname[len_h - len_p], len_h)) {
          if (len_h == len_p)
              return 1; // Exact match
          if (hostname[len_h - len_p - 1] == '.')
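
Review bot: the count passed to strncmp() on the changed line is len_h, but the second operand starts at &hostname[len_h - len_p], so only len_p characters remain there before the terminator (assuming len_p and len_h are the string lengths of pattern and hostname, as the names and the index arithmetic suggest). Because the guard above returns 0 when len_p > len_h, len_h is never smaller than len_p. The limit therefore never stops the comparison earlier than strcmp() would have, and it is not clear from this hunk that it bounds the read the commit message describes. Consider len_p as the count (or len_p + 1 to include the terminator). A short comment saying why strncmp() is used here would also keep it from being changed back to strcmp() later.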


Fine for me.

lu
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
