[Ffmpeg-devel] [PATCH] MinGW and portability
Måns Rullgård
mru
Wed Mar 29 00:02:47 CEST 2006
Rich Felker <dalias at aerifal.cx> writes:
> On Tue, Mar 28, 2006 at 09:43:54PM +0100, M?ns Rullg?rd wrote:
>> > #define fseeko(x,y,z) fseeko64(x,y,z)
>> > #define ftello(x) ftello64(x)
>> > +#else
>> > +#define fseeko(x,y,z) fseek(x,y,z)
>> > +#define ftello(x) ftell(x)
>> > +#endif
>
> This is EXTREMELY WRONG and will break large file support on every
> single platform except windows!!
Not quite that bad. There was an #ifdef __MINGW32__ around that whole
lot.
>> > +#if defined(WIN32) || defined(__MINGW32__)
>> > +
>> > +#include <stdarg.h>
>> > +
>> > +int snprintf(char *buf, const char *fmt, size_t size, ...) {
>> > + va_list ap;
>> > + int ret;
>> > +
>> > + va_start(ap, size);
>> > + ret = vsprintf(buf, fmt, ap);
>> > + va_end(ap);
>> > + return ret;
>> > +}
>> > +
>> > +#endif
>>
>> Potential security risk. Rejected.
>
> More than just potential.
The potential is there only if it is ever called with a pattern that
can overflow the supplied buffer. With only numerical arguments it is
easy to calculate the maximum size (although people tend to forget
little details like - signs). String arguments can do anything, of
course.
--
M?ns Rullg?rd
mru at inprovide.com
More information about the ffmpeg-devel
mailing list