id	summary	reporter	owner	description	type	status	priority	component	version	resolution	keywords	cc	blockedby	blocking	reproduced	analyzed
1780	potential buffer overflow, based on wrong fscanf format indentifier	ettl.martin		"Please take a look at following source snippet from {{{ffmpeg/ffserver.c}}}, lines 2034 - 2041:
{{{
                        char cpuperc[10];
                        char cpuused[64];

                        if (fscanf(pid_stat, ""%10s %64s"", cpuperc,
                                   cpuused) == 2) {
                            avio_printf(pb, ""Currently using %s%% of the cpu. Total time used %s.\n"",
                                         cpuperc, cpuused);
                        }
}}}

Here the fscanf format string width is wrong. This means, in order to prevent them from overflowing, please change them to {{{%9s %63s}}, because of the trailing nullterminating string ('\0') at the end.

Best regards and many thanks

Martin Ettl
"	defect	closed	normal	FFserver	git-master	fixed					0	0