[Ffmpeg-devel] [PATCH] check with MAX_FILES in case buffer overflow

Limin Wang lance.lmwang
Wed Feb 28 05:11:44 CET 2007


Hi,

* Benoit Fouet <benoit.fouet at purplelabs.com> [2007-02-26 12:37:17 +0100]:

> Limin Wang wrote:
> > Hi,
> >
> > The patch tries to fix the buffer overflow in case of more than MAX_FILES input
> > files/output files/stream maps/meta maps. Please review it.
> >
> > Thanks,
> > Limin
> >   
> > ------------------------------------------------------------------------
> >
> > Index: ffmpeg.c
> > ===================================================================
> > --- ffmpeg.c	(revision 8129)
> > +++ ffmpeg.c	(working copy)
> > @@ -2465,6 +2465,12 @@
> >      AVStreamMap *m;
> >      const char *p;
> >  
> > +    if( nb_stream_maps >= MAX_FILES ) {
> > +        fprintf(stderr, "The number of stream maps could not > %d \n",
> > +                MAX_FILES);
> > +        exit(1);
> > +    }
> > +
> >   
> maybe you could just write: "The number of stream maps could not exceed
> %d\n" instead :)

Fixed it. Please review the new patch.

Thanks,
Limin
-------------- next part --------------
Index: ffmpeg.c
===================================================================
--- ffmpeg.c	(revision 8129)
+++ ffmpeg.c	(working copy)
@@ -2465,6 +2465,12 @@
     AVStreamMap *m;
     const char *p;
 
+    if( nb_stream_maps >= MAX_FILES ) {
+        fprintf(stderr, "The number of stream maps could not exceed %d \n",
+                MAX_FILES);
+        exit(1);
+    }
+
     p = arg;
     m = &stream_maps[nb_stream_maps++];
 
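Review bot: the added check `nb_stream_maps >= MAX_FILES` protects the write at `m = &stream_maps[nb_stream_maps++];` only if `stream_maps` is declared with exactly MAX_FILES elements, and that declaration is not part of this hunk. Please confirm the array size, or bound the index by the array's own element count (sizeof(stream_maps) / sizeof(stream_maps[0])) so the check cannot drift from the declaration. The `>=` comparison itself is the right one for a post-incremented index.
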
@@ -2490,6 +2496,12 @@
     AVMetaDataMap *m;
     const char *p;
 
+    if( nb_meta_data_maps >= MAX_FILES ) {
+        fprintf(stderr, "The number of meta data maps could not exceed %d \n",
+                MAX_FILES);
+        exit(1);
+    }
+
     p = arg;
     m = &meta_data_maps[nb_meta_data_maps++];
 
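Review bot: the four-line check, fprintf and exit(1) block added before `m = &meta_data_maps[nb_meta_data_maps++];` is a copy of the one in the stream map hunk and is repeated again in the two hunks that follow. A small helper that takes the current count and a description string would keep the limit and the message in one place. As with the stream maps, the check matches the array write only if `meta_data_maps` has MAX_FILES elements, which the hunk does not show.
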
@@ -2527,6 +2539,12 @@
     int err, i, ret, rfps, rfps_base;
     int64_t timestamp;
 
+    if( nb_input_files >= MAX_FILES ) {
+        fprintf(stderr, "The number of input files could not exceed %d \n",
+                MAX_FILES);
+        exit(1);
+    }
+
     if (!strcmp(filename, "-"))
         filename = "pipe:";
 
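Review bot: the added `if( nb_input_files >= MAX_FILES ) {` uses different spacing from the `if (!strcmp(filename, "-"))` context line directly below it; please write it as `if (nb_input_files >= MAX_FILES) {` to match. Unlike the two map hunks, neither the indexed write this check guards nor the increment of nb_input_files is visible here, so please state in the patch description which array access it protects.
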
@@ -3010,6 +3028,12 @@
     int use_video, use_audio, input_has_video, input_has_audio, i;
     AVFormatParameters params, *ap = ¶ms;
 
+    if( nb_output_files >= MAX_FILES ) {
+        fprintf(stderr, "The number of output files could not exceed %d \n",
+                MAX_FILES);
+        exit(1);
+    }
+
     if (!strcmp(filename, "-"))
         filename = "pipe:";
 
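Review bot: the message in the added fprintf, "The number of output files could not exceed %d \n", reads as past tense and has a stray space before the newline; "The number of output files cannot exceed %d\n" would be clearer. The same wording is used in the other three hunks and should change with it. The `if( nb_output_files >= MAX_FILES ) {` spacing also differs from the `if (!strcmp(filename, "-"))` line below it.
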