[FFmpeg-trac] #1780(FFmpeg:new): potential buffer overflow, based on wrong fscanf format identifier
FFmpeg
trac at avcodec.org
Tue Oct 2 12:31:51 CEST 2012
#1780: potential buffer overflow, based on wrong fscanf format identifier
-------------------------------------+-------------------------------------
Reporter: ettl.martin | Type: defect
Status: new | Priority: critical
Component: FFmpeg | Version: git-
Keywords: | master
Blocking: | Blocked By:
Analyzed by developer: 0 | Reproduced by developer: 0
-------------------------------------+-------------------------------------
Please take a look at the following source snippet from
{{{ffmpeg/ffserver.c}}}, lines 2034 - 2041:
{{{
char cpuperc[10];
char cpuused[64];
if (fscanf(pid_stat, "%10s %64s", cpuperc, cpuused) == 2) {
    avio_printf(pb, "Currently using %s%% of the cpu. Total time used %s.\n",
                cpuperc, cpuused);
}
}}}
Here the fscanf format string widths are wrong. This means, in order to
prevent them from overflowing, please change them to {{{%9s %63s}}},
because of the trailing null-terminating string ('\0') at the end.
Best regards and many thanks
Martin Ettl
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1780>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker