Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#1780 closed defect (fixed)

potential buffer overflow, based on wrong fscanf format indentifier

Reported by: Martin Ettl Owned by:
Priority: normal Component: ffserver
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Please take a look at following source snippet from ffmpeg/ffserver.c, lines 2034 - 2041:

                        char cpuperc[10];
                        char cpuused[64];

                        if (fscanf(pid_stat, "%10s %64s", cpuperc,
                                   cpuused) == 2) {
                            avio_printf(pb, "Currently using %s%% of the cpu. Total time used %s.\n",
                                         cpuperc, cpuused);
                        }

Here the fscanf format string width is wrong. This means, in order to prevent them from overflowing, please change them to {{{%9s %63s}}, because of the trailing nullterminating string ('\0') at the end.

Best regards and many thanks

Martin Ettl

Change History (3)

comment:1 by Carl Eugen Hoyos, 11 years ago

Component: FFmpegFFserver
Priority: criticalnormal
Resolution: invalid
Status: newclosed

If you believe there is a problem, please send a patch to ffmpeg-devel

comment:2 by reimar, 11 years ago

I think we can scratch the "believe there is a problem" and say "could you please be so kind to send a patch to ffmpeg-devel"? Preferably formatted/created by git send-mail or similar so it includes correct author tagging and commit message.

comment:3 by Michael Niedermayer, 11 years ago

Resolution: invalidfixed

bug fixed

thanks for the report

Note: See TracTickets for help on using tickets.