[FFmpeg-devel] [PATCH 2/2] drawtext: introduce fontcolor argument expansion

Nicolas George george at nsup.org
Mon Jun 23 16:46:34 CEST 2014

Le quintidi 5 messidor, an CCXXII, Andrey Utkin a écrit :
> I tried to guard against formatting specifier misuse, but now it just
> checks number of specifiers. I am not really sure if this is
> completely secure. Is it really possible to end up with overread or
> dumping particular region of application memory through this?

If you ask the question, then you have to assume the answer is yes. That is
the only sane approach for security issues.


  Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140623/1593c5d5/attachment.asc>

More information about the ffmpeg-devel mailing list