RepoMirrors
/
mpv
mirror of https://github.com/mpv-player/mpv
1
0
Fork 0
Code Issues Releases Wiki Activity

options: fix UB/crash in key/values parser 

keyvalue_list_find_key() was called on a "partially" constructed list,
because the terminating NULL was added only later. Didn't I say this
code is cursed?

Fixes: #7273
This commit is contained in:
wm4 2019-12-18 18:44:21 +01:00
parent 09ea3a424f
commit 7142214243
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
options/m_option.c
View File

@ -1714,6 +1714,8 @@ static int parse_keyvalue_list(struct mp_log *log, const m_option_t *opt,
}
MP_TARRAY_APPEND(NULL, lst, num, bstrto0(NULL, key));
MP_TARRAY_APPEND(NULL, lst, num, bstrto0(NULL, val));
MP_TARRAY_APPEND(NULL, lst, num, NULL);
num -= 1;
}
if (!bstr_eatstart0(&param, ",") && !bstr_eatstart0(&param, ":"))
@ -1722,8 +1724,6 @@ static int parse_keyvalue_list(struct mp_log *log, const m_option_t *opt,
mp_warn(log, "Passing more than 1 argument to %.*s is deprecated!\n",
BSTR_P(name));
}
if (dst)
MP_TARRAY_APPEND(NULL, lst, num, NULL);
if (param.len) {
mp_err(log, "Unparseable garbage at end of option value: '%.*s'\n",