• Andreas Rheinhardt's avatar
    avutil/bprint: Allow size == 0 in av_bprint_init_for_buffer() · 8bea4a83
    Andreas Rheinhardt authored
    The AVBPrint API guarantees that the string buffer is always
    zero-terminated; in order to honour this guarantee, there
    obviously must be a string buffer at all and it must have
    a size >= 1. Therefore av_bprint_init_for_buffer() treats
    passing a NULL buffer or size == 0 as invalid data that
    leads to undefined behaviour, namely NPD in case NULL is provided
    or a write to a buffer of size 0 in case size == 0.
    
    But it would be easy to support this, namely by using the internal
    buffer with AV_BPRINT_SIZE_COUNT_ONLY in case size == 0.
    
    There is a reason to allow this: Several functions like
    av_channel_(description|name) are actually wrappers
    around corresponding AVBPrint functions. They accept user
    provided buffers and are supposed to return the required
    size of the buffer, which would allow the user to call
    it once to get the required buffer size and call it once
    more after having allocated the buffer.
    If av_bprint_init_for_buffer() treats size == 0 as invalid,
    all these users would need to check for this themselves
    and basically add the same codeblock that this patch
    adds to av_bprint_init_for_buffer().
    
    This change is in line with e.g. snprintf() which also allows
    the pointer to be NULL in case size is zero.
    
    This fixes Coverity issues #1503074, #1503076 and #1503082;
    all of these issues are about providing NULL to the channel-layout
    functions that are wrappers around AVBPrint versions.
    Reviewed-by: 's avatarNicolas George <george@nsup.org>
    Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@outlook.com>
    8bea4a83
bprint.h 8.61 KB