Pinging this issue. While likely not a security concern, it does cause uninitialized memory to be printed to the user's terminal, and that's pretty bad.
On 10/01/2015 07:21 PM, DeHackEd wrote:
> From: DHE <g...@dehacked.net>
>
> Fixes ticket#4900
>
> Signed-off-by: DHE <g...@dehacked.net>
> ---
> libavformat/hlsenc.c | 29 +++++++++++++++++------------
> 1 file changed, 17 insertions(+), 12 deletions(-)
>
> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
> index 473ca3a..8daf53f 100644
> --- a/libavformat/hlsenc.c
> +++ b/libavformat/hlsenc.c
> @@ -165,12 +165,6 @@ static int hls_delete_old_segments(HLSContext *hls) {
> ret = AVERROR(ENOMEM);
> goto fail;
> }
> - sub_path_size = strlen(dirname) + strlen(segment->sub_filename) + 1;
> - sub_path = av_malloc(sub_path_size);
> - if (!sub_path) {
> - ret = AVERROR(ENOMEM);
> - goto fail;
> - }
>
> av_strlcpy(path, dirname, path_size);
> av_strlcat(path, segment->filename, path_size);
> @@ -179,14 +173,23 @@ static int hls_delete_old_segments(HLSContext *hls) {
> path, strerror(errno));
> }
>
> - av_strlcpy(sub_path, dirname, sub_path_size);
> - av_strlcat(sub_path, segment->sub_filename, sub_path_size);
> - if (unlink(sub_path) < 0) {
> - av_log(hls, AV_LOG_ERROR, "failed to delete old segment %s: > %s\n",
> - sub_path, strerror(errno));
> + if (segment->sub_filename[0] != '\0') {
> + sub_path_size = strlen(dirname) + strlen(segment->sub_filename) > + 1;
> + sub_path = av_malloc(sub_path_size);
> + if (!sub_path) {
> + ret = AVERROR(ENOMEM);
> + goto fail;
> + }
> +
> + av_strlcpy(sub_path, dirname, sub_path_size);
> + av_strlcat(sub_path, segment->sub_filename, sub_path_size);
> + if (unlink(sub_path) < 0) {
> + av_log(hls, AV_LOG_ERROR, "failed to delete old segment %s: > %s\n",
> + sub_path, strerror(errno));
> + }
> + av_free(sub_path);
> }
> av_freep(&path);
> - av_free(sub_path);
> previous_segment = segment;
> segment = previous_segment->next;
> av_free(previous_segment);
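Review bot: In the second hunk (`@@ -179,14 +173,23 @@`) the new block releases the buffer with `av_free(sub_path);` while the line right after the block uses `av_freep(&path);`, so `sub_path` keeps a stale address once the block is left. Writing `av_freep(&sub_path);` would match how `path` is handled and turn any later accidental free or use into a NULL case. Because `sub_path` is now assigned only when `sub_filename` is non-empty, it should also start out as NULL if anything outside the block can reach it. The declaration of `sub_path`, the enclosing loop and the `fail:` label are all outside the hunk, so whether the error path touches `sub_path` cannot be confirmed from here.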
> @@ -312,6 +315,8 @@ static int hls_append_segment(HLSContext *hls, double > duration, int64_t pos,
>
> if(hls->has_subtitle)
> av_strlcpy(en->sub_filename, av_basename(hls->vtt_avf->filename), > sizeof(en->sub_filename));
> + else
> + en->sub_filename[0] = '\0';
>
> en->duration = duration;
> en->pos = pos;
> _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
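Review bot: The new `else` branch defines only `sub_filename`, so the entry still relies on every field being set by hand. If `en` is obtained with `av_malloc()` (the allocation is outside this hunk), allocating it zeroed with `av_mallocz()` would give the same empty string and also cover any field added later. This matters beyond the log message: the old code in hls_delete_old_segments() passed `segment->sub_filename` to `strlen()` and `unlink()`, so an unset field was read as a string with no guaranteed terminator and then used as a file path to delete. A short comment on the new branch would record the contract, e.g. `/* empty sub_filename: no subtitle file for hls_delete_old_segments() to unlink */`.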