Ticket #1780 (closed defect: fixed)

Opened 8 months ago

Last modified 8 months ago

potential buffer overflow, based on wrong fscanf format indentifier

Reported by: ettl.martin Owned by:
Priority: normal Component: FFserver
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Please take a look at following source snippet from ffmpeg/ffserver.c, lines 2034 - 2041:

                        char cpuperc[10];
                        char cpuused[64];

                        if (fscanf(pid_stat, "%10s %64s", cpuperc,
                                   cpuused) == 2) {
                            avio_printf(pb, "Currently using %s%% of the cpu. Total time used %s.\n",
                                         cpuperc, cpuused);
                        }

Here the fscanf format string width is wrong. This means, in order to prevent them from overflowing, please change them to {{{%9s %63s}}, because of the trailing nullterminating string ('\0') at the end.

Best regards and many thanks

Martin Ettl

Change History

comment:1 Changed 8 months ago by cehoyos

  • Priority changed from critical to normal
  • Resolution set to invalid
  • Status changed from new to closed
  • Component changed from FFmpeg to FFserver

If you believe there is a problem, please send a patch to ffmpeg-devel

comment:2 Changed 8 months ago by reimar

I think we can scratch the "believe there is a problem" and say "could you please be so kind to send a patch to ffmpeg-devel"? Preferably formatted/created by git send-mail or similar so it includes correct author tagging and commit message.

comment:3 Changed 8 months ago by michael

  • Resolution changed from invalid to fixed

bug fixed

thanks for the report

Note: See TracTickets for help on using tickets.