avformat/dashdec: Ensure strings are zero-terminated

strncpy only ensures that one does not write beyond the end of the destination buffer; in case of truncation it does not zero-terminate the destination buffer. This makes using it the way it is now in the DASH demuxer dangerous. So use av_strlcpy instead. Also don't write anything if there is no id: The buffer has already been zeroed initially. The DASH testset from the Universität Klagenfurt contains samples with ids that are too long. E.g. http://ftp.itec.aau.at/datasets/DASHDataset2014/TearsOfSteel/1sec/TearsOfSteel_1s_simple_2014_05_09.mpd Reviewed-by: Steven Liu <lq@chinaffmpeg.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
4 years ago · ec5663d0a7
parent 988deae6da
commit ec5663d0a7
1 changed files with 2 additions and 1 deletions
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@ -1042,7 +1042,8 @@ static int parse_manifest_representation(AVFormatContext *s, const char *url,
    if (rep->fragment_duration > 0 && !rep->fragment_timescale)
        rep->fragment_timescale = 1;
    rep->bandwidth = rep_bandwidth_val ? atoi(rep_bandwidth_val) : 0;
-    strncpy(rep->id, rep_id_val ? rep_id_val : "", sizeof(rep->id));
+    if (rep_id_val)
+        av_strlcpy(rep->id, rep_id_val, sizeof(rep->id));
    rep->framerate = av_make_q(0, 0);
    if (type == AVMEDIA_TYPE_VIDEO) {
        char *rep_framerate_val = xmlGetProp(representation_node, "frameRate");