From 76e3f8242d607ac0394b7894196f83f8d02ce5ca Mon Sep 17 00:00:00 2001
From: DHE <git@dehacked.net>
Date: Thu, 1 Oct 2015 19:21:33 -0400
Subject: [PATCH] libavformat/hlsenc: Use of uninitialized memory unlinking old
 files

Fixes ticket#4900

Signed-off-by: DHE <git@dehacked.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/hlsenc.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 473ca3a722..8daf53f8bb 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -165,12 +165,6 @@ static int hls_delete_old_segments(HLSContext *hls) {
             ret = AVERROR(ENOMEM);
             goto fail;
         }
-        sub_path_size = strlen(dirname) + strlen(segment->sub_filename) + 1;
-        sub_path = av_malloc(sub_path_size);
-        if (!sub_path) {
-            ret = AVERROR(ENOMEM);
-            goto fail;
-        }
 
         av_strlcpy(path, dirname, path_size);
         av_strlcat(path, segment->filename, path_size);
@@ -179,14 +173,23 @@ static int hls_delete_old_segments(HLSContext *hls) {
                                      path, strerror(errno));
         }
 
-        av_strlcpy(sub_path, dirname, sub_path_size);
-        av_strlcat(sub_path, segment->sub_filename, sub_path_size);
-        if (unlink(sub_path) < 0) {
-            av_log(hls, AV_LOG_ERROR, "failed to delete old segment %s: %s\n",
-                                     sub_path, strerror(errno));
+        if (segment->sub_filename[0] != '\0') {
+            sub_path_size = strlen(dirname) + strlen(segment->sub_filename) + 1;
+            sub_path = av_malloc(sub_path_size);
+            if (!sub_path) {
+                ret = AVERROR(ENOMEM);
+                goto fail;
+            }
+
+            av_strlcpy(sub_path, dirname, sub_path_size);
+            av_strlcat(sub_path, segment->sub_filename, sub_path_size);
+            if (unlink(sub_path) < 0) {
+                av_log(hls, AV_LOG_ERROR, "failed to delete old segment %s: %s\n",
+                                         sub_path, strerror(errno));
+            }
+            av_free(sub_path);
         }
         av_freep(&path);
-        av_free(sub_path);
         previous_segment = segment;
         segment = previous_segment->next;
         av_free(previous_segment);
@@ -312,6 +315,8 @@ static int hls_append_segment(HLSContext *hls, double duration, int64_t pos,
 
     if(hls->has_subtitle)
         av_strlcpy(en->sub_filename, av_basename(hls->vtt_avf->filename), sizeof(en->sub_filename));
+    else
+        en->sub_filename[0] = '\0';
 
     en->duration = duration;
     en->pos      = pos;