[FFmpeg-devel] [PATCH] ffmpeg: avoid scanf in keyboard command parsing

Hendrik Leppkes h.leppkes at gmail.com
Mon Aug 3 22:02:17 CEST 2015


Mixing stdio and low-level IO on stdin is not safe.
---
 ffmpeg.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ffmpeg.c b/ffmpeg.c
index 5575e2f..206b3dc 100644
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -3428,9 +3428,17 @@ static int check_keyboard_interaction(int64_t cur_time)
             if(!debug) debug = 1;
             while(debug & (FF_DEBUG_DCT_COEFF|FF_DEBUG_VIS_QP|FF_DEBUG_VIS_MB_TYPE)) //unsupported, would just crash
                 debug += debug;
-        }else
-            if(scanf("%d", &debug)!=1)
+        }else{
+            char buf[32];
+            int k = 0;
+            i = 0;
+            while ((k = read_key()) != '\n' && k != '\r' && i < sizeof(buf)-1)
+                if (k > 0)
+                    buf[i++] = k;
+            buf[i] = 0;
+            if (k <= 0 || sscanf(buf, "%d", &debug)!=1)
                 fprintf(stderr,"error parsing debug value\n");
+        }
         for(i=0;i<nb_input_streams;i++) {
             input_streams[i]->st->codec->debug = debug;
         }
-- 
1.9.5.msysgit.1



More information about the ffmpeg-devel mailing list