http: fix potentially dangerous whitespace skipping code

If the string consists entirely of whitespace, this could in theory continue to write '\0' before the start of the memory allocation. In practice, it didn't really happen: the generic HTTP header parsing code already skips leading whitespaces, so the string is either empty, or consists a non-whitespace. (The generic code and the cookie code actually have different ideas about what bytes are whitespace: the former uses av_isspace(), the latter uses WHITESPACES. Fortunately, av_isspace() is a super set of the http.c specific WHITESPACES, so there's probably no case where the above assumption could have been broken.)

http: fix potentially dangerous whitespace skipping code
If the string consists entirely of whitespace, this could in theory continue to write '\0' before the start of the memory allocation. In practice, it didn't really happen: the generic HTTP header parsing code already skips leading whitespaces, so the string is either empty, or consists a non-whitespace. (The generic code and the cookie code actually have different ideas about what bytes are whitespace: the former uses av_isspace(), the latter uses WHITESPACES. Fortunately, av_isspace() is a super set of the http.c specific WHITESPACES, so there's probably no case where the above assumption could have been broken.)
b7d842c5 · wm4 · c0687acb · b7d842c5
Commit b7d842c5 authored Mar 08, 2018 by wm4
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

http.c libavformat/http.c +2 -0

No files found.
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -760,6 +760,8 @@ static int parse_set_cookie(const char *set_cookie, AVDictionary **dict)
    back = &cstr[strlen(cstr)-1];
    while (strchr(WHITESPACES, *back)) {
        *back='\0';
+        if (back == cstr)
+            break;
        back--;
    }