On Sun, 30 Nov 2014, Vittorio Giovara wrote:

> On Sat, Nov 29, 2014 at 10:03 PM, Martin Storsjö <[email protected]> wrote:
>> On Sat, 29 Nov 2014, Vittorio Giovara wrote:
>>
>> If the patch would have included more context, you'd see how this creates an
>> off-by-one bug. The following line outside of the patch context is:
>>
>>     str[str_size] = 0;
>>
>> Now in this case, the 'str' buffer is allocated to a size of str_size_alloc,
>> which is equal to str_size.
>
> Which is the best way to handle this? Would you suggest something like this
>
>     str_size_alloc = raw ? str_size - 1 : str_size * 2;

str_size + 1

> or reducing the index by one, like
>
>     str[str_size - 1] = 0;

Uhh, no, that'd drop the last char of each string?

// Martin
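
The allocation and terminator choices weighed in this exchange, as an added example that is not part of the original message or of libav's code. `terminated_len` and the four wrappers are hypothetical names, the sample field is constructed, and a bounds check stands in for the out-of-bounds write so the program stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libav code: copy a str_size-byte field that has no
 * terminator into a buffer of `alloc` bytes, write the NUL at index `term`,
 * and return the resulting string length. Returns -1 when the copy or the
 * terminator would land outside the allocation (the off-by-one case). */
static long terminated_len(const char *src, size_t str_size,
                           size_t alloc, size_t term)
{
    char *str;
    long len;

    if (alloc == 0 || str_size > alloc || term >= alloc)
        return -1;                       /* out-of-bounds write refused */
    str = calloc(1, alloc);
    if (!str)
        return -1;
    memcpy(str, src, str_size);
    str[term] = 0;
    len = (long)strlen(str);
    free(str);
    return len;
}

/* The four combinations discussed in the thread, for a raw field of n bytes. */
static long as_patched(const char *s, size_t n)    { return terminated_len(s, n, n,     n);     }
static long alloc_minus_1(const char *s, size_t n) { return terminated_len(s, n, n - 1, n);     }
static long index_minus_1(const char *s, size_t n) { return terminated_len(s, n, n,     n - 1); }
static long alloc_plus_1(const char *s, size_t n)  { return terminated_len(s, n, n + 1, n);     }

int main(void)
{
    /* Constructed sample: five bytes, deliberately without a trailing NUL. */
    const char field[] = { 't', 'i', 't', 'l', 'e' };
    size_t n = sizeof(field);

    printf("alloc = n,     str[n] = 0     -> %ld\n", as_patched(field, n));
    printf("alloc = n - 1, str[n] = 0     -> %ld\n", alloc_minus_1(field, n));
    printf("alloc = n,     str[n - 1] = 0 -> %ld\n", index_minus_1(field, n));
    printf("alloc = n + 1, str[n] = 0     -> %ld\n", alloc_plus_1(field, n));
    return 0;
}
```

A result of -1 marks a terminator write one or more bytes past the buffer; a length shorter than the field means the last character was overwritten by the terminator.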