[FFmpeg-devel] Patch (1/2) Decoding of Teletext Descriptor (0x56)

Mon Sep 23 14:28:59 CEST 2013

On Mon, Sep 23, 2013 at 01:25:19PM +0100, JULIAN GARDNER wrote:
[...]
> >> +            if (l<(sizeof( language) - 9)) {
> >> +                mag = type;
> >> +                type >>= 3;
> >> +                if (type < sizeof( types)) {
> >> +                    mag &= 7; if (!mag) mag = 8;
> >> +                    sprintf( language+l, "%c%c%c,%c%d%02x,", l0, l1,
> >> +                        l2, types[ type], mag, page);
> >
> >use snprintf, the your if don't look safe enougth to me.
> >
> 
> 
> > +            if (l<(sizeof( language) - 9)) {
> Hmm this protects against a buffer overrun
> 

At least %d can be abused in your sprintf. Maybe %02x as well depending on
the situation. Just use the safe snprintf.

[...]

-- 
Clément B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130923/ea1bcce1/attachment.asc>