[FFmpeg-devel] [PATCH] Added the interface for the Turing codec
Matteo Naccari
Matteo.Naccari at bbc.co.uk
Mon Nov 28 18:31:45 EET 2016
> This lib has a really weird API... Anyway, access to p++ seems unbounded and
> could go past the argv array. The string overflow checks also look
> questionable. snprintf() returns the size the string would have had and isn't
> limited by the buffer passed to it, so the s pointer can go out of bounds
> (which is undefined behavior). Also, "end - s"
> will underflow, making the attempt to avoid a buffer overflow pointless.
The patch we just submitted should address this point: now the buffer size for the command line option depends on the actual number of options passed by the user for the Turing codec.
Matteo Naccari
-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------
More information about the ffmpeg-devel
mailing list