GNOME Bugzilla – Bug 752428
dashdemux: replace sscanf with strtoul
Last modified: 2018-11-03 13:37:42 UTC
gstmpdparser.c file uses sscanf(..., "%u", ...) to read numbers from the xml file. sscanf is unable to indicate the fact that the input string was completely parsed or not. For example, for the input "123xyz" the sscanf function will return 1 (it successfully read an integer). A better function is strtol (and strtoul, etc). This has the ability to provide a pointer to the next unparsed character in string. Using this, we can detect if the original string was valid or not. The question is how restrictive the parser should be? Where a number is expected in an xml attribute and a "123xyz" is provided, should the parser read and use 123 or it should signal an error? Currently it reads just 123 and no error or warnings are issued (provided it does not need to parse the attribute further than the number). So, should we make the parser more restrictive or not?
I'd make the parser less strict instead of more, in the worse case, it's not going to work anyway.
A restrictive parser will at least detect the 123xyz situations and: 1) will issue a warning about suspicious values (very useful when debugging, especially if we are talking about durations, ranges, etc) 2) could either return 123 (as it currently does) or the default value for that attribute. I started this ticket because I feel the default value might be a better solution than returning a suspicious value. But indeed, for mandatory attributes that means a failure to play.
We could use the %n format specifier in sscanf to verify the consumed character count.
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/274.