#1780(FFmpeg:new): potential buffer overflow, based on wrong fscanf format identifier
#1780: potential buffer overflow, based on wrong fscanf format identifier
-------------------------------------+-------------------------------------
             Reporter:  ettl.martin  |                     Type:  defect
               Status:  new          |                 Priority:  critical
            Component:  FFmpeg       |                  Version:  git-master
             Keywords:               |
             Blocking:               |               Blocked By:
Analyzed by developer:  0            |  Reproduced by developer:  0
-------------------------------------+-------------------------------------
Please take a look at the following source snippet from {{{ffmpeg/ffserver.c}}}, lines 2034 - 2041:

{{{
char cpuperc[10];
char cpuused[64];

if (fscanf(pid_stat, "%10s %64s", cpuperc, cpuused) == 2) {
    avio_printf(pb, "Currently using %s%% of the cpu. Total time used %s.\n",
                cpuperc, cpuused);
}
}}}

Here the fscanf format string width is wrong. This means, in order to prevent them from overflowing, please change them to {{{%9s %63s}}}, because of the trailing null-terminating string ('\0') at the end.

Best regards and many thanks

Martin Ettl

--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1780>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
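The width rule the report relies on, as an added example that is not part of the ticket or of FFmpeg's code: it measures how many bytes `%10s` stores, then parses the two fields with widths tied to the buffer sizes. It goes one step beyond the report by rejecting a token that the width limit would otherwise split across both fields. The helper names are hypothetical, and `sscanf` on constructed strings stands in for `fscanf` on `pid_stat` (the conversion rules are the same).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define STR_(x) #x
#define STR(x) STR_(x)
#define PERC_MAX 9   /* characters, excluding the NUL: fits char[10] */
#define USED_MAX 63  /* characters, excluding the NUL: fits char[64] */

/* Bytes stored by "%10s" for one token, measured in an oversized scratch
 * buffer so the measurement itself stays in bounds. */
size_t bytes_written_by_width10(const char *line)
{
    char scratch[32];
    memset(scratch, 0x7f, sizeof(scratch));
    if (sscanf(line, "%10s", scratch) != 1)
        return 0;
    return strlen(scratch) + 1;   /* characters plus the terminator */
}

/* Hypothetical helper: returns 0 on success, -1 if a field is missing or
 * a token was longer than its buffer allows. */
int parse_cpu_stat(const char *line, char cpuperc[PERC_MAX + 1],
                   char cpuused[USED_MAX + 1])
{
    int end1 = 0, end2 = 0;
    /* Expands to "%9s%n %63s%n": widths are derived from the same macros
     * that size the buffers, so the two cannot drift apart. */
    if (sscanf(line, "%" STR(PERC_MAX) "s%n %" STR(USED_MAX) "s%n",
               cpuperc, &end1, cpuused, &end2) != 2)
        return -1;
    /* A width-limited %s stops mid-token and leaves the rest for the next
     * conversion, so the byte after each field must be a separator. */
    if (!isspace((unsigned char)line[end1]))
        return -1;
    if (line[end2] != '\0' && !isspace((unsigned char)line[end2]))
        return -1;
    return 0;
}

int main(void)
{
    char cpuperc[PERC_MAX + 1], cpuused[USED_MAX + 1];
    /* Constructed sample inputs. */
    printf("%%10s stores %zu bytes\n", bytes_written_by_width10("12345678901234 1"));
    printf("normal line: %d\n", parse_cpu_stat("12.5 00:01:23", cpuperc, cpuused));
    printf("over-long token: %d\n", parse_cpu_stat("123456789012 00:01:23", cpuperc, cpuused));
    return 0;
}
```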
#1780: potential buffer overflow, based on wrong fscanf format identifier
-------------------------------------+------------------------------------
             Reporter:  ettl.martin  |                    Owner:
                 Type:  defect       |                   Status:  closed
             Priority:  normal       |                Component:  FFserver
              Version:  git-master   |               Resolution:  invalid
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+------------------------------------
Changes (by cehoyos):

 * priority:  critical => normal
 * resolution:  => invalid
 * status:  new => closed
 * component:  FFmpeg => FFserver

Comment:

 If you believe there is a problem, please send a patch to ffmpeg-devel

--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1780#comment:1>
#1780: potential buffer overflow, based on wrong fscanf format identifier

Comment (by reimar):

 I think we can scratch the "believe there is a problem" and say "could you please be so kind as to send a patch to ffmpeg-devel"?
 Preferably formatted/created by git send-mail or similar so it includes correct author tagging and commit message.

--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1780#comment:2>
#1780: potential buffer overflow, based on wrong fscanf format identifier
-------------------------------------+------------------------------------
             Reporter:  ettl.martin  |                    Owner:
                 Type:  defect       |                   Status:  closed
             Priority:  normal       |                Component:  FFserver
              Version:  git-master   |               Resolution:  fixed
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+------------------------------------
Changes (by michael):

 * resolution:  invalid => fixed

Comment:

 bug fixed thanks for the report

--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1780#comment:3>