[FFmpeg-cvslog] libswcale: Fix possible string overflow in test.
Adam Richter
git at videolan.org
Mon May 13 21:52:20 EEST 2019
ffmpeg | branch: release/3.2 | Adam Richter <adamrichter4 at gmail.com> | Sun May 12 05:03:25 2019 -0700| [280f5c4fcfc9ce14035d0f66e4ad01e489c2194e] | committer: Michael Niedermayer
libswcale: Fix possible string overflow in test.
In libswcale/tests/swcale.c, the function fileTest() calls sscanf in
an argument of "%12s" on character srcStr[] and dstStr[], which are
only 12 bytes. So, if the input string is 12 characters, a
terminating null byte can be written past the end of these arrays.
This bug was found by cppcheck.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b8ed4930618b170de57a9086e1e9892216454684)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=280f5c4fcfc9ce14035d0f66e4ad01e489c2194e
---
libswscale/tests/swscale.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libswscale/tests/swscale.c b/libswscale/tests/swscale.c
index be4cd9a08e..e552e348d3 100644
--- a/libswscale/tests/swscale.c
+++ b/libswscale/tests/swscale.c
@@ -308,10 +308,10 @@ static int fileTest(uint8_t *ref[4], int refStride[4], int w, int h, FILE *fp,
while (fgets(buf, sizeof(buf), fp)) {
struct Results r;
enum AVPixelFormat srcFormat;
- char srcStr[12];
+ char srcStr[13];
int srcW = 0, srcH = 0;
enum AVPixelFormat dstFormat;
- char dstStr[12];
+ char dstStr[13];
int dstW = 0, dstH = 0;
int flags;
int ret;
More information about the ffmpeg-cvslog
mailing list