From 2fc8ea249f325c2017137847bc1a565b77f40f11 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Wed, 12 Jan 2005 00:59:42 +0000
Subject: [PATCH] dissallow sprintf
Originally committed as revision 3823 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
ffmpeg.c | 2 +-
libavcodec/apiexample.c | 11 ++++++-----
libavcodec/common.h | 1 +
libavcodec/huffyuv.c | 5 +++--
libavcodec/imgresample.c | 2 +-
libavcodec/mpegaudiodec.c | 2 +-
libavcodec/ratecontrol.c | 2 +-
libavcodec/utils.c | 2 +-
libavformat/udp.c | 2 +-
9 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/ffmpeg.c b/ffmpeg.c
index eaebc01f667..df06304c8c8 100644
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -949,7 +949,7 @@ static void do_video_stats(AVFormatContext *os, AVOutputStream *ost,
if (!fvstats) {
today2 = time(NULL);
today = localtime(&today2);
- sprintf(filename, "vstats_%02d%02d%02d.log", today->tm_hour,
+ snprintf(filename, sizeof(filename), "vstats_%02d%02d%02d.log", today->tm_hour,
today->tm_min,
today->tm_sec);
fvstats = fopen(filename,"w");
diff --git a/libavcodec/apiexample.c b/libavcodec/apiexample.c
index a2ee99dfc13..0c7617d8536 100644
--- a/libavcodec/apiexample.c
+++ b/libavcodec/apiexample.c
@@ -415,7 +415,8 @@ int options_example(int argc, char* argv[])
AVCodec* codec = avcodec_find_encoder_by_name((argc > 1) ? argv[2] : "mpeg4");
const AVOption* c;
AVCodecContext* avctx;
- char* def = av_malloc(5000);
+#define DEF_SIZE 5000
+ char* def = av_malloc(DEF_SIZE);
const char* col = "";
int i = 0;
@@ -449,16 +450,16 @@ int options_example(int argc, char* argv[])
"unknown??", c->name);
switch (t) {
case FF_OPT_TYPE_BOOL:
- i += sprintf(def + i, "%s%s=%s",
+ i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s",
col, c->name,
c->defval != 0. ? "on" : "off");
break;
case FF_OPT_TYPE_DOUBLE:
- i += sprintf(def + i, "%s%s=%f",
+ i += snprintf(def + i, DEF_SIZE-i, "%s%s=%f",
col, c->name, c->defval);
break;
case FF_OPT_TYPE_INT:
- i += sprintf(def + i, "%s%s=%d",
+ i += snprintf(def + i, DEF_SIZE-i, "%s%s=%d",
col, c->name, (int) c->defval);
break;
case FF_OPT_TYPE_STRING:
@@ -467,7 +468,7 @@ int options_example(int argc, char* argv[])
char* f = strchr(d, ',');
if (f)
*f = 0;
- i += sprintf(def + i, "%s%s=%s",
+ i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s",
col, c->name, d);
av_free(d);
}
diff --git a/libavcodec/common.h b/libavcodec/common.h
index 5b59def89f8..c33812e6978 100644
--- a/libavcodec/common.h
+++ b/libavcodec/common.h
@@ -499,6 +499,7 @@ tend= rdtsc();\
#define time time_is_forbidden_due_to_security_issues
#define rand rand_is_forbidden_due_to_state_trashing
#define srand srand_is_forbidden_due_to_state_trashing
+#define sprintf sprintf_is_forbidden_due_to_security_issues_use_snprintf
#if !(defined(LIBAVFORMAT_BUILD) || defined(_FRAMEHOOK_H))
#define printf please_use_av_log
#define fprintf please_use_av_log
diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c
index 5dec85c0cf9..fbc20ad5e2d 100644
--- a/libavcodec/huffyuv.c
+++ b/libavcodec/huffyuv.c
@@ -1170,13 +1170,14 @@ static int encode_frame(AVCodecContext *avctx, unsigned char *buf, int buf_size,
if((s->flags&CODEC_FLAG_PASS1) && (s->picture_number&31)==0){
int j;
char *p= avctx->stats_out;
+ char *end= p + 1024*30;
for(i=0; i<3; i++){
for(j=0; j<256; j++){
- sprintf(p, "%llu ", s->stats[i][j]);
+ snprintf(p, end-p, "%llu ", s->stats[i][j]);
p+= strlen(p);
s->stats[i][j]= 0;
}
- sprintf(p, "\n");
+ snprintf(p, end-p, "\n");
p++;
}
}else{
diff --git a/libavcodec/imgresample.c b/libavcodec/imgresample.c
index 3b74a827949..2c7e1120ac4 100644
--- a/libavcodec/imgresample.c
+++ b/libavcodec/imgresample.c
@@ -730,7 +730,7 @@ int main(int argc, char **argv)
img + 50 * XSIZE, XSIZE, XSIZE, YSIZE - 100);
img_resample_close(s);
- sprintf(buf, "/tmp/out%d.pgm", i);
+ snprintf(buf, sizeof(buf), "/tmp/out%d.pgm", i);
save_pgm(buf, img1, xsize, ysize);
}
diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index 0ff5fcbb98b..48a168451d7 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -2130,7 +2130,7 @@ void sample_dump(int fnum, int32_t *tab, int n)
f = files[fnum];
if (!f) {
- sprintf(buf, "/tmp/out%d.%s.pcm",
+ snprintf(buf, sizeof(buf), "/tmp/out%d.%s.pcm",
fnum,
#ifdef USE_HIGHPRECISION
"hp"
diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c
index a304f48f1a9..71af4f4ec83 100644
--- a/libavcodec/ratecontrol.c
+++ b/libavcodec/ratecontrol.c
@@ -38,7 +38,7 @@ static int init_pass2(MpegEncContext *s);
static double get_qscale(MpegEncContext *s, RateControlEntry *rce, double rate_factor, int frame_num);
void ff_write_pass1_stats(MpegEncContext *s){
- sprintf(s->avctx->stats_out, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n",
+ snprintf(s->avctx->stats_out, 256, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n",
s->current_picture_ptr->display_picture_number, s->current_picture_ptr->coded_picture_number, s->pict_type,
s->current_picture.quality, s->i_tex_bits, s->p_tex_bits, s->mv_bits, s->misc_bits,
s->f_code, s->b_code, s->current_picture.mc_mb_var_sum, s->current_picture.mb_var_sum, s->i_count);
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 4111a630988..d1b3ca3c94a 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -762,7 +762,7 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
strcpy(channels_str, "5:1");
break;
default:
- sprintf(channels_str, "%d channels", enc->channels);
+ snprintf(channels_str, sizeof(channels_str), "%d channels", enc->channels);
break;
}
if (enc->sample_rate) {
diff --git a/libavformat/udp.c b/libavformat/udp.c
index a90f36c2804..b95f238d26a 100644
--- a/libavformat/udp.c
+++ b/libavformat/udp.c
@@ -121,7 +121,7 @@ struct addrinfo* udp_ipv6_resolve_host(const char *hostname, int port, int type,
const char *node = 0, *service = 0;
if (port > 0) {
- sprintf(sport, "%d", port);
+ snprintf(sport, sizeof(sport), "%d", port);
service = sport;
}
if ((hostname) && (hostname[0] != '\0') && (hostname[0] != '?')) {
--
GitLab