[FFmpeg-devel] [PATCH 2/2] OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c by using strncpy instead of strcpy

Michael Niedermayer michaelni at gmx.at
Mon Apr 27 13:19:23 CEST 2015 

On Mon, Apr 27, 2015 at 07:51:36AM +0000, Gupta, Maneesh wrote:
> Hi,
> 
> There was a potential buffer overflow during a strcpy operation in cmdutils_opencl.c. This patch attempts to fix the same.
> 
> Regards,
> Maneesh

>  cmdutils_opencl.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> b6d9e0b4f9efc1d0ae9d3f05b7802c81007999d7  0002-OpenCL-Replace-strcpy-with-strncpy-to-avoid-buffer-o.patch
> From 026f4de0628c3e7e0211ee0f6c96e816ff757cd1 Mon Sep 17 00:00:00 2001
> From: Maneesh Gupta <maneesh.gupta at amd.com>
> Date: Sat, 25 Apr 2015 11:17:05 +0530
> Subject: [PATCH 2/2] OpenCL: Replace strcpy with strncpy to avoid buffer
>  overflows
> 
> Signed-off-by: Maneesh Gupta <maneesh.gupta at amd.com>
> ---
>  cmdutils_opencl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/cmdutils_opencl.c b/cmdutils_opencl.c
> index 3dfd156..73cab98 100644
> --- a/cmdutils_opencl.c
> +++ b/cmdutils_opencl.c
> @@ -238,7 +238,7 @@ int opt_opencl_bench(void *optctx, const char *opt, const char *arg)
>                  devices[count].platform_idx = i;
>                  devices[count].device_idx = j;
>                  devices[count].runtime = score;
> -                strcpy(devices[count].device_name, device_node->device_name);
> +                strncpy(devices[count].device_name, device_node->device_name, 64);
this should be
sizeof(devices[count].device_name)
and av_strlcpy()

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150427/0d0133c7/attachment.asc>

More information about the ffmpeg-devel mailing list