eval: replace variable-length array with av_malloc/free

There is a theoretical possibility to pass a very long string to ff_parse, which could crash if allocated from the stack. This allows the allocation to be checked properly. git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19670 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

eval: replace variable-length array with av_malloc/free
There is a theoretical possibility to pass a very long string to ff_parse, which could crash if allocated from the stack. This allows the allocation to be checked properly. git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19670 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
cb0fd010 · mru · 921c4951 · cb0fd010
Commit cb0fd010 authored Aug 19, 2009 by mru
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

libavcodec/eval.c libavcodec/eval.c +9 -3

No files found.
--- a/libavcodec/eval.c
+++ b/libavcodec/eval.c
@@ -369,8 +369,12 @@ AVEvalExpr * ff_parse(const char *s, const char * const *const_name,
               double (**func2)(void *, double, double), const char **func2_name,
               const char **error){
    Parser p;
-    AVEvalExpr * e;
+    AVEvalExpr *e = NULL;
-    char w[strlen(s) + 1], * wp = w;
+    char *w = av_malloc(strlen(s) + 1);
+    char *wp = w;
+    if (!w)
+        goto end;
    while (*s)
        if (!isspace(*s++)) *wp++ = s[-1];
@@ -388,8 +392,10 @@ AVEvalExpr * ff_parse(const char *s, const char * const *const_name,
    e = parse_expr(&p);
    if (!verify_expr(e)) {
        ff_eval_free(e);
-        return NULL;
+        e = NULL;
    }
+end:
+    av_free(w);
    return e;
 }