ffserver: fix incorrect strlcpy usage

Somewhat ironic that this "safe" interface is actually being used unsafely here. This fixes the usage preventing potential null pointer dereference, where the old code was doubly broken: ctime can return NULL, and ctime can return an arbitrarily long buffer. Reviewed-by: Mark Harris <mark.hsj@gmail.com> Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
author: Ganesh Ajjanagadde <gajjanagadde@gmail.com> 2015-11-06 15:47:37 -0500
committer: Ganesh Ajjanagadde <gajjanagadde@gmail.com> 2015-11-09 19:30:26 -0500
commit: 6c2dbff7f08ccbf69adb23ada48bb36ba796e772 (patch)
tree: 8c8a3840b9446dabf997bb04850f1810a8aea4b8
parent: cf491a925e221122f81873bd041c5c136027e385 (diff)
download: ffmpeg-6c2dbff7f08ccbf69adb23ada48bb36ba796e772.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/ffserver.c b/ffserver.c
index 526cbfcae3..577ca6ff45 100644
--- a/ffserver.c
+++ b/ffserver.c
@@ -305,15 +305,19 @@ static void ffm_set_write_index(AVFormatContext *s, int64_t pos,
     ffm->file_size = file_size;
 }
 
-static char *ctime1(char *buf2, int buf_size)
+static char *ctime1(char *buf2, size_t buf_size)
 {
     time_t ti;
     char *p;
 
     ti = time(NULL);
     p = ctime(&ti);
+    if (!p || !*p) {
+        *buf2 = '\0';
+        return buf2;
+    }
     av_strlcpy(buf2, p, buf_size);
-    p = buf2 + strlen(p) - 1;
+    p = buf2 + strlen(buf2) - 1;
     if (*p == '\n')
         *p = '\0';
     return buf2;
author	Ganesh Ajjanagadde <gajjanagadde@gmail.com>	2015-11-06 15:47:37 -0500
committer	Ganesh Ajjanagadde <gajjanagadde@gmail.com>	2015-11-09 19:30:26 -0500
commit	6c2dbff7f08ccbf69adb23ada48bb36ba796e772 (patch)
tree	8c8a3840b9446dabf997bb04850f1810a8aea4b8
parent	cf491a925e221122f81873bd041c5c136027e385 (diff)
download	ffmpeg-6c2dbff7f08ccbf69adb23ada48bb36ba796e772.tar.gz