[FFmpeg-devel] [PATCH] bprint: Remove custom vsnprintf
Michael Niedermayer
michaelni at gmx.at
Sun Sep 9 14:23:24 CEST 2012
On Sun, Sep 09, 2012 at 12:15:27PM +0200, Ronald S. Bultje wrote:
> Hi,
>
> On Sun, Sep 9, 2012 at 11:05 AM, Nicolas George
> <nicolas.george at normalesup.org> wrote:
> > On duodi 22 Fructidor, year CCXX, Derek Buitenhuis wrote:
> >> A proper implementation was introduced in
> >> ba537202801d71711f1ef9306a6248dd2d426fa0 for MSVC, and
> >> MinGW already has vsnprintf.
> >
> > Unless I am mistaken, this implementation can not be used for bprint: it
> > never returns a value larger than the provided buffer
>
> Speaking of - ffmpeg relies on the opposite behaviour in quite a few
> cases. E.g. ffserver.c:
>
> q += snprintf(q, q - (char *) c->buffer + c->buffer_size,
>     "HTTP/1.0 200 OK\r\n");
> q += snprintf(q, q - (char *) c->buffer + c->buffer_size,
>     "Pragma: no-cache\r\n");
> q += snprintf(q, q - (char *) c->buffer + c->buffer_size,
>     "Server: Cougar 4.1.0.3923\r\nCache-Control: no-cache\r\nPragma: client-id=%d\r\nPragma: features=\"broadcast\"\r\n",
>     c->wmp_client_id);
> q += snprintf(q, q - (char *) c->buffer + c->buffer_size,
>     "Content-Type: %s\r\n", mime_type);
> q += snprintf(q, q - (char *) c->buffer + c->buffer_size, "\r\n");
> q += snprintf(q, c->buffer_size,
>
> All of these are exploitable bugs in violation of the C spec.
fixed
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you don't want and which you would get tomorrow for free anyway
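
The `q += snprintf(...)` idiom quoted in this thread advances the pointer by snprintf's return value, which under C99 is the length the output would have needed, not the number of bytes stored. The following is an added example, not code from this thread or from FFmpeg: a bounded append helper that clamps the cursor and records truncation. The names `struct out`, `out_printf` and `build_header`, the buffer sizes and the MIME type are assumptions constructed for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical bounded cursor (an assumption, not FFmpeg's API). */
struct out {
    char  *buf;        /* start of the buffer */
    size_t size;       /* capacity including the terminating NUL */
    size_t len;        /* bytes stored so far, always < size */
    int    truncated;  /* set once any append did not fit */
};

/* Append formatted text; returns 0, or -1 on truncation or format error. */
static int out_printf(struct out *o, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (o->len >= o->size)                /* no space, not even for the NUL */
        return -1;
    size_t room = o->size - o->len;       /* always >= 1 here */
    va_start(ap, fmt);
    n = vsnprintf(o->buf + o->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {     /* error, or C99 "length needed" */
        o->len += n < 0 ? 0 : room - 1;   /* only room-1 bytes were stored */
        o->truncated = 1;
        return -1;
    }
    o->len += (size_t)n;                  /* safe: n < room */
    return 0;
}

/* Build a response header (constructed sample) and return the cursor. */
static struct out build_header(char *buf, size_t size, const char *mime)
{
    struct out o = { buf, size, 0, 0 };
    out_printf(&o, "HTTP/1.0 200 OK\r\n");
    out_printf(&o, "Content-Type: %s\r\n", mime);
    out_printf(&o, "\r\n");
    return o;
}

int main(void)
{
    char small[24];                       /* deliberately too small */
    struct out o = build_header(small, sizeof small, "video/x-ms-asf");
    int need = snprintf(NULL, 0, "Content-Type: %s\r\n", "video/x-ms-asf");
    printf("one line needs %d bytes; stored=%zu truncated=%d\n", need, o.len, o.truncated);
    return 0;
}
```

With the 24-byte buffer the second append needs 30 bytes, so the cursor stops at offset 23 and `truncated` is set, where the unchecked idiom would have moved the pointer to offset 47.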