[FFmpeg-devel] [PATCH] lavfi/drawtext: allow controlling expression output

Nicolas George nicolas.george at normalesup.org
Mon Jul 15 09:57:07 CEST 2013

On sextidi 26 Messidor, year CCXXI, Paul B Mahol wrote:
> +    else if (argv[1])
> +        av_bprintf(bp, argv[1], res);
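
Review bot: argv[1] is passed to av_bprintf() as the format string while only one value, res, is supplied, so any conversion in argv[1] that does not match res (a second conversion, %s, %n) is undefined behaviour. Use a fixed format at this call, or check argv[1] before it and reject anything other than a single conversion matching the type of res.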

It makes the text string vulnerable to a malicious format string. Since,
AFAIK, until now the text string was not vulnerable to anything known and
therefore could be accepted from untrusted sources, this amounts to a major

It may be better to validate argv[1] against a few known patterns that will
always convert a single double argument.


  Nicolas George
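
The validation suggested above, as an added example (not part of the original message and not FFmpeg code): a hypothetical helper, fmt_takes_one_double, accepts a format only if it holds exactly one floating-point conversion and no `*`, `$`, length modifier, `%s` or `%n`. The three-digit cap on width and precision and the sample strings in main() are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an FFmpeg API): returns true only if fmt contains
 * exactly one conversion and that conversion consumes a single double. */
bool fmt_takes_one_double(const char *fmt)
{
    int conversions = 0;

    if (!fmt)
        return false;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;                      /* literal character */
        p++;
        if (*p == '%')
            continue;                      /* "%%" prints a literal percent */
        p += strspn(p, "-+ #0");           /* flags */
        size_t width = strspn(p, "0123456789");
        if (width > 3)                     /* assumed cap: at most 3 digits */
            return false;
        p += width;                        /* '*' and '$' are not digits */
        if (*p == '.') {
            p++;
            size_t prec = strspn(p, "0123456789");
            if (prec > 3)
                return false;
            p += prec;
        }
        /* No length modifier is accepted: 'L' would expect a long double,
         * the others are rejected to keep the whitelist small. */
        if (!*p || !strchr("eEfFgGaA", *p))
            return false;                  /* %s, %n, %d, %*f, %1$f, "%" */
        if (++conversions > 1)
            return false;                  /* only one argument is passed */
    }
    return conversions == 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "%.3f", "t=%08.2f%%", "%s", "%n", "%f %f", "%*f" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s %s\n", samples[i],
               fmt_takes_one_double(samples[i]) ? "accept" : "reject");
    return 0;
}
```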