[FFmpeg-devel] [PATCH] lavfi/drawtext: allow controlling expression output

Nicolas George nicolas.george at normalesup.org
Mon Jul 15 09:57:07 CEST 2013


On sextidi 26 Messidor, year CCXXI, Paul B Mahol wrote:
> +    else if (argv[1])
> +        av_bprintf(bp, argv[1], res);
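
Review bot: in `av_bprintf(bp, argv[1], res)` the caller-supplied argv[1] is used directly as the format string, with nothing checking that the conversions it contains match the single `res` argument that is passed. Validate argv[1] before this call, accept only a format with exactly one conversion that consumes `res`, and return an error for anything else; the accepted format syntax should also be documented alongside the option.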

It makes the text string vulnerable to malicious format strings. Since,
AFAIK, until now the text string was not vulnerable to anything known and
therefore could be accepted from untrusted sources, this amounts to a major
change.

It may be better to validate argv[1] against a few known patterns that will
always convert a single double argument.

Regards,

-- 
  Nicolas George
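
One way to do the validation suggested in the message above, as an added example that is not part of the original e-mail or of FFmpeg's code. The helper name `fmt_takes_one_double`, the accepted conversion set and the three-digit cap on width and precision are assumptions; it accepts a general class of formats rather than a fixed list of patterns.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not FFmpeg code): return 1 only if fmt contains
 * exactly one conversion and that conversion consumes a single double. */
static int fmt_takes_one_double(const char *fmt)
{
    int conversions = 0;

    for (const char *p = fmt; *p; p++) {
        int digits;

        if (*p != '%')
            continue;                       /* literal character */
        p++;
        if (*p == '%')
            continue;                       /* "%%" is a literal percent sign */
        while (*p && strchr("-+ #0", *p))   /* flags */
            p++;
        for (digits = 0; *p >= '0' && *p <= '9'; p++)   /* width */
            if (++digits > 3)               /* assumed cap to bound output */
                return 0;
        if (*p == '.') {                    /* precision */
            p++;
            for (digits = 0; *p >= '0' && *p <= '9'; p++)
                if (++digits > 3)
                    return 0;
        }
        /* No '*', no "n$", no length modifier: the next byte must be the
         * conversion itself, and it must be one that reads a double. */
        if (!*p || !strchr("aAeEfFgG", *p))
            return 0;
        if (++conversions > 1)
            return 0;
    }
    return conversions == 1;
}

int main(void)
{
    /* Constructed sample formats, not taken from the patch. */
    const char *samples[] = { "%.2f", "t=%08.3g%%", "%d", "%s", "%n",
                              "%f%f", "%*f", "%1$f", "%Lf", "%" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s -> %s\n", samples[i],
               fmt_takes_one_double(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The caller would run this check on argv[1] and fail with an error before the string ever reaches a printf-style function.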