[FFmpeg-cvslog] libswcale: Fix possible string overflow in test.

Adam Richter git at videolan.org
Mon May 13 15:10:05 EEST 2019


ffmpeg | branch: master | Adam Richter <adamrichter4 at gmail.com> | Sun May 12 05:03:25 2019 -0700| [b8ed4930618b170de57a9086e1e9892216454684] | committer: Michael Niedermayer

libswcale: Fix possible string overflow in test.

In libswcale/tests/swcale.c, the function fileTest() calls sscanf in
an argument of "%12s" on character srcStr[] and dstStr[], which are
only 12 bytes.  So, if the input string is 12 characters, a
terminating null byte can be written past the end of these arrays.

This bug was found by cppcheck.

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b8ed4930618b170de57a9086e1e9892216454684
---

 libswscale/tests/swscale.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libswscale/tests/swscale.c b/libswscale/tests/swscale.c
index e72c4c3306..cb731f6211 100644
--- a/libswscale/tests/swscale.c
+++ b/libswscale/tests/swscale.c
@@ -312,10 +312,10 @@ static int fileTest(const uint8_t * const ref[4], int refStride[4],
     while (fgets(buf, sizeof(buf), fp)) {
         struct Results r;
         enum AVPixelFormat srcFormat;
-        char srcStr[12];
+        char srcStr[13];
         int srcW = 0, srcH = 0;
         enum AVPixelFormat dstFormat;
-        char dstStr[12];
+        char dstStr[13];
         int dstW = 0, dstH = 0;
         int flags;
         int ret;



More information about the ffmpeg-cvslog mailing list