Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#1780 closed defect (fixed)

potential buffer overflow, based on wrong fscanf format identifier

Reported by: ettl.martin
Owned by:
Priority: normal
Component: ffserver
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no


Please take a look at the following source snippet from ffmpeg/ffserver.c, lines 2034 - 2041:

    char cpuperc[10];
    char cpuused[64];

    /* widths equal the buffer sizes, leaving no room for the terminating '\0' */
    if (fscanf(pid_stat, "%10s %64s", cpuperc,
               cpuused) == 2) {
        avio_printf(pb, "Currently using %s%% of the cpu. Total time used %s.\n",
                    cpuperc, cpuused);

Here the fscanf format string widths are wrong. To prevent the buffers from overflowing, please change them to %9s %63s, because of the trailing null-terminating character ('\0') at the end of each string.

Best regards and many thanks

Martin Ettl
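As an added example (not FFmpeg's or ffserver's own code), the C program below shows the off-by-one the report describes and the corrected widths side by side. It parses constructed in-memory lines with sscanf instead of reading a /proc file with fscanf; the sample lines, the guard-byte probe probe_overflow and the hardened parse_cpu_stats are this example's own and are not on the original page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not FFmpeg/ffserver code.  The ticket's snippet used
 * fscanf(pid_stat, "%10s %64s", cpuperc, cpuused) with char[10]/char[64].
 * A %Ns width limits how many non-whitespace characters scanf stores, but
 * it then appends a '\0' on top of them, so a buffer of N bytes needs a
 * width of N-1.  sscanf on in-memory lines is used here (an assumption made
 * so the example runs offline; the original read a FILE* with fscanf).
 */

/* Constructed inputs, not real /proc/<pid>/stat data. */
static const char LINE_OK[]        = "12.5 0:00:01\n";        /* fits either way   */
static const char LINE_LONG_PERC[] = "1234567890 0:00:01\n";  /* field 1: 10 chars */
static const char LINE_LONG_USED[] =
    "12.5 0123456789012345678901234567890123456789012345678901234567890123\n"; /* field 2: 64 chars */

/*
 * Parse `line` with "%<w1>s %<w2>s" into two heap buffers of n1 and n2 bytes,
 * each followed by one guard byte preset to 0xAA.  Returns 1 if either guard
 * was overwritten (the off-by-one overflow), 0 if both buffers stayed in
 * bounds, -1 on bad arguments or if fewer than two fields matched.  Widths
 * must not exceed the buffer sizes, so any overrun lands exactly on the guard
 * byte this function owns and the probe itself stays within defined behaviour.
 */
int probe_overflow(const char *line, int w1, size_t n1, int w2, size_t n2)
{
    char fmt[32];
    unsigned char *b1, *b2;
    int rc, overflow;

    if (w1 < 1 || (size_t)w1 > n1 || w2 < 1 || (size_t)w2 > n2)
        return -1;
    snprintf(fmt, sizeof fmt, "%%%ds %%%ds", w1, w2); /* e.g. "%10s %64s" */

    b1 = malloc(n1 + 1);
    b2 = malloc(n2 + 1);
    if (!b1 || !b2) {
        free(b1);
        free(b2);
        return -1;
    }
    memset(b1, 0xAA, n1 + 1);
    memset(b2, 0xAA, n2 + 1);

    rc = sscanf(line, fmt, (char *)b1, (char *)b2);
    /* A '\0' landing on b[n] means scanf wrote n+1 bytes into an n-byte buffer. */
    overflow = (rc == 2) ? (b1[n1] != 0xAA || b2[n2] != 0xAA) : -1;

    free(b1);
    free(b2);
    return overflow;
}

/* Same layout as the buffers in the ticket's snippet. */
struct cpu_stats {
    char cpuperc[10];
    char cpuused[64];
};

/* Corrected form of the ticket's call: each width is sizeof(field) - 1. */
int parse_cpu_stats(const char *line, struct cpu_stats *out)
{
    return sscanf(line, "%9s %63s", out->cpuperc, out->cpuused) == 2;
}

int main(void)
{
    struct cpu_stats s;

    printf("benign line,  %%10s %%64s : overflow=%d\n", probe_overflow(LINE_OK, 10, 10, 64, 64));
    printf("long field 1, %%10s %%64s : overflow=%d\n", probe_overflow(LINE_LONG_PERC, 10, 10, 64, 64));
    printf("long field 2, %%10s %%64s : overflow=%d\n", probe_overflow(LINE_LONG_USED, 10, 10, 64, 64));
    printf("long field 1, %%9s %%63s  : overflow=%d\n", probe_overflow(LINE_LONG_PERC, 9, 10, 63, 64));
    printf("long field 2, %%9s %%63s  : overflow=%d\n", probe_overflow(LINE_LONG_USED, 9, 10, 63, 64));

    if (parse_cpu_stats(LINE_LONG_USED, &s))
        printf("hardened parse: cpuperc=\"%s\" cpuused has %zu chars\n", s.cpuperc, strlen(s.cpuused));
    return 0;
}
```

Two things worth noting from running it: the benign line reports no overflow with the original widths, which is why the bug is "potential" and survives ordinary input, and a field longer than the width is only truncated, not rejected, so the leftover characters are consumed by the next conversion (with %9s the first field "1234567890" leaves a stray "0" that becomes the second field). The corrected widths stop the memory corruption; a caller that needs the full value should check for that truncation separately.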

Change History (3)

comment:1 Changed 8 years ago by cehoyos

  • Component changed from FFmpeg to FFserver
  • Priority changed from critical to normal
  • Resolution set to invalid
  • Status changed from new to closed

If you believe there is a problem, please send a patch to ffmpeg-devel

comment:2 Changed 8 years ago by reimar

I think we can scratch the "believe there is a problem" and say "could you please be so kind to send a patch to ffmpeg-devel"? Preferably formatted/created by git send-mail or similar so it includes correct author tagging and commit message.

comment:3 Changed 8 years ago by michael

  • Resolution changed from invalid to fixed

bug fixed

thanks for the report
