Re: [PATCH spice-server 3/3] reds: Fix one case parsing invalid codec string

Christophe Fergeau <cfergeau@xxxxxxxxxx> · Tue, 3 Jul 2018 10:29:03 +0200



Acked-by: Christophe Fergeau <cfergeau@xxxxxxxxxx>

On Wed, Jun 27, 2018 at 08:00:37AM +0100, Frediano Ziglio wrote:
> In case we pass something like "spice:mjpeg$%*" the last part is
> ignore making the string parse correctly.
> A single pair should end by either string terminator or pair terminator.
> 
> Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
> ---
>  server/reds.c                      | 10 +++++++---
>  server/tests/test-codecs-parsing.c |  6 ++++++
>  2 files changed, 13 insertions(+), 3 deletions(-)
> 
> Maybe for future extension we should support also syntaxes
> like "encoder:codec:whatsoever" ?
> 
> diff --git a/server/reds.c b/server/reds.c
> index 4d343b25..03c2bfa1 100644
> --- a/server/reds.c
> +++ b/server/reds.c
> @@ -3555,10 +3555,14 @@ static const char* parse_video_codecs(const char *codecs, char **encoder,
>      }
>      int n;
>      *encoder = *codec = NULL;
> -    if (sscanf(codecs, "%m[0-9a-zA-Z_]:%m[0-9a-zA-Z_]%n", encoder, codec, &n) != 2) {
> -        return codecs + strcspn(codecs, ";");
> +    if (sscanf(codecs, "%m[0-9a-zA-Z_]:%m[0-9a-zA-Z_]%n", encoder, codec, &n) == 2) {
> +        // this avoids accepting "encoder:codec" followed by garbage like "$%*"
> +        if (codecs[n] != ';' && codecs[n] != '\0') {
> +            free(*codec);
> +            *codec = NULL;
> +        }
>      }
> -    return codecs + n;
> +    return codecs + strcspn(codecs, ";");
>  }
>  
>  static void reds_set_video_codecs_from_string(RedsState *reds, const char *codecs)
> diff --git a/server/tests/test-codecs-parsing.c b/server/tests/test-codecs-parsing.c
> index 860a575e..7998501c 100644
> --- a/server/tests/test-codecs-parsing.c
> +++ b/server/tests/test-codecs-parsing.c
> @@ -115,6 +115,12 @@ static void codecs_bad(void)
>              G_LOG_LEVEL_WARNING,
>              "*spice: invalid encoder:codec value*",
>              TRUE,
> +        },{
> +            // invalid character in codec
> +            "spice:mjpeg&",
> +            G_LOG_LEVEL_WARNING,
> +            "*spice: invalid encoder:codec value*",
> +            TRUE,
>          },
>  #if !defined(HAVE_GSTREAMER_1_0) && !defined(HAVE_GSTREAMER_0_10)
>          {
> -- 
> 2.17.1
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
signature.asc

Description: PGP signature
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel