#1780 closed defect (fixed)
potential buffer overflow, based on wrong fscanf format identifier
Reported by: | Martin Ettl | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | ffserver |
Version: | git-master | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Please take a look at the following source snippet from ffmpeg/ffserver.c, lines 2034 - 2041:

```c
char cpuperc[10];
char cpuused[64];

if (fscanf(pid_stat, "%10s %64s", cpuperc, cpuused) == 2) {
    avio_printf(pb, "Currently using %s%% of the cpu. Total time used %s.\n",
                cpuperc, cpuused);
}
```

Here the fscanf format string width is wrong. This means, in order to prevent them from overflowing, please change them to `%9s %63s`, because of the trailing null-terminating string ('\0') at the end.
Best regards and many thanks
Martin Ettl
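
What the report describes, as an added example that is not part of the ticket or of ffserver's code: a `%Ns` conversion stores up to N characters plus a terminating '\0', so `%10s` needs 11 bytes. The helper names, the `%n` truncation check and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define STR_(x) #x
#define STR(x) STR_(x)
#define CPUPERC_MAX 9   /* largest token that fits char[10] with its '\0' */
#define CPUUSED_MAX 63  /* largest token that fits char[64] with its '\0' */

/* Bytes the ticket's "%10s" stores for `input`, terminator included.
 * The probe is 32 bytes so this measurement itself stays in bounds. */
size_t bytes_stored_by_width10(const char *input)
{
    char probe[32];
    memset(probe, 0x7f, sizeof(probe));
    if (sscanf(input, "%10s", probe) != 1)
        return 0;
    return strlen(probe) + 1;
}

/* Bounded parse of "<cpuperc> <cpuused>". Returns 0 on success, -1 if a
 * field is missing or was cut off by its width limit. */
int parse_cpu_fields(const char *line, char cpuperc[CPUPERC_MAX + 1],
                     char cpuused[CPUUSED_MAX + 1])
{
    int n1 = 0, n2 = 0;
    if (sscanf(line, "%" STR(CPUPERC_MAX) "s%n %" STR(CPUUSED_MAX) "s%n",
               cpuperc, &n1, cpuused, &n2) != 2)
        return -1;
    /* A truncated token leaves its tail unread, so the next character
     * is not whitespace (or, for the last field, not end of string). */
    if (!isspace((unsigned char)line[n1]))
        return -1;
    if (line[n2] != '\0' && !isspace((unsigned char)line[n2]))
        return -1;
    return 0;
}

int main(void)
{
    char cpuperc[CPUPERC_MAX + 1], cpuused[CPUUSED_MAX + 1];
    /* Constructed inputs, not real pid_stat contents. */
    printf("%%10s stores %zu bytes\n", bytes_stored_by_width10("12345678901234"));
    printf("ok line: %d\n", parse_cpu_fields("12.5 00:01:23", cpuperc, cpuused));
    printf("long line: %d\n", parse_cpu_fields("1234567890 00:01:23", cpuperc, cpuused));
    return 0;
}
```

With only the widths corrected, an over-long first token is split and its tail lands in the second field; the `%n` offsets are what let the caller reject that line.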
Change History (3)
comment:1 by , 12 years ago
Component: | FFmpeg → FFserver |
---|---|
Priority: | critical → normal |
Resolution: | → invalid |
Status: | new → closed |
comment:2 by , 12 years ago
I think we can scratch the "believe there is a problem" and say "could you please be so kind to send a patch to ffmpeg-devel"? Preferably formatted/created by git send-mail or similar so it includes correct author tagging and commit message.
If you believe there is a problem, please send a patch to ffmpeg-devel