[FFmpeg-devel] [PATCH 2/2] drawtext: introduce fontcolor argument expansion

Andrey Utkin andrey.krieger.utkin at gmail.com
Mon Jun 23 16:43:32 CEST 2014


2014-06-23 17:27 GMT+03:00 Stefano Sabatini <stefasab at gmail.com>:
> If I understand it correctly this evaluates some expression of the
> kind "%d" 42.00 -> "42", right? I'd prefer this in a separate patch,
> also I believe this has some security implications (for example an
> invalid format sequence may lead to a crash).

Right.
I tried to guard against formatting specifier misuse, but now it just
checks the number of specifiers. I am not really sure if this is
completely secure. Is it really possible to end up with an overread or
dumping a particular region of application memory through this? If yes,
then I'll work on fixing such issues.

Thanks for the other notes, will fix them.

-- 
Andrey Utkin
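
An added example, not part of the original message or of the FFmpeg patch: counting specifiers alone still admits a single `%s`, `%n` or `%*d`, each of which makes printf read or write through arguments the caller never supplied. The hypothetical helpers `safe_int_conversion` and `expand_number` below accept exactly one integer conversion with literal width and precision, and pass an argument of the matching type.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical validator (not FFmpeg code). Returns the conversion character if
 * fmt holds exactly one conversion taking one int-sized argument, else 0. */
static char safe_int_conversion(const char *fmt)
{
    char conv = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                     /* "%%" prints a literal percent */
            continue;
        p += strspn(p, "-+ #0");           /* flags */
        p += strspn(p, "0123456789");      /* literal width only, never '*' */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789");   /* literal precision */
        /* Rejects %s, %n, %f, length modifiers, '*', and a truncated "%". */
        if (*p == '\0' || !strchr("diouxX", *p) || conv)
            return 0;
        conv = *p;
    }
    return conv;
}

/* Expands fmt with a double, as in the thread's "%d" 42.00 -> "42" case.
 * Returns the formatted length, or -1 if fmt or value is rejected. */
static int expand_number(char *dst, size_t size, const char *fmt, double value)
{
    char conv = safe_int_conversion(fmt);
    int is_signed = conv == 'd' || conv == 'i';
    if (!conv || !(value >= (is_signed ? INT_MIN : 0) && value <= INT_MAX))
        return -1;                         /* also rejects NaN */
    return is_signed ? snprintf(dst, size, fmt, (int)value)
                     : snprintf(dst, size, fmt, (unsigned)value);
}

int main(void)
{
    /* Constructed inputs: two accepted formats, then four rejected ones. */
    const char *samples[] = { "%d", "0x%02X", "%s", "%d%d", "%*d", "%n" };
    char buf[64];
    for (size_t i = 0; i < sizeof(samples) / sizeof(*samples); i++)
        printf("%-8s -> %s\n", samples[i],
               expand_number(buf, sizeof(buf), samples[i], 42.0) < 0 ? "(rejected)" : buf);
    return 0;
}
```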

