mirror of https://git.ffmpeg.org/ffmpeg.git
avformat/dashdec: Ensure strings are zero-terminated
strncpy only ensures that one does not write beyond the end of the destination buffer; in case of truncation it does not zero-terminate the destination buffer. This makes using it the way it is now in the DASH demuxer dangerous. So use av_strlcpy instead. Also don't write anything if there is no id: The buffer has already been zeroed initially. The DASH testset from the Universität Klagenfurt contains samples with ids that are too long. E.g. http://ftp.itec.aau.at/datasets/DASHDataset2014/TearsOfSteel/1sec/TearsOfSteel_1s_simple_2014_05_09.mpd Reviewed-by: Steven Liu <lq@chinaffmpeg.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
parent
988deae6da
commit
ec5663d0a7
|
@ -1042,7 +1042,8 @@ static int parse_manifest_representation(AVFormatContext *s, const char *url,
|
|||
if (rep->fragment_duration > 0 && !rep->fragment_timescale)
|
||||
rep->fragment_timescale = 1;
|
||||
rep->bandwidth = rep_bandwidth_val ? atoi(rep_bandwidth_val) : 0;
|
||||
strncpy(rep->id, rep_id_val ? rep_id_val : "", sizeof(rep->id));
|
||||
if (rep_id_val)
|
||||
av_strlcpy(rep->id, rep_id_val, sizeof(rep->id));
|
||||
rep->framerate = av_make_q(0, 0);
|
||||
if (type == AVMEDIA_TYPE_VIDEO) {
|
||||
char *rep_framerate_val = xmlGetProp(representation_node, "frameRate");
|
||||
|
|
Loading…
Reference in New Issue