From 2fc8ea249f325c2017137847bc1a565b77f40f11 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 12 Jan 2005 00:59:42 +0000
Subject: [PATCH] dissallow sprintf
Originally committed as revision 3823 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 ffmpeg.c | 2 +-
 libavcodec/apiexample.c | 11 ++++++-----
 libavcodec/common.h | 1 +
 libavcodec/huffyuv.c | 5 +++--
 libavcodec/imgresample.c | 2 +-
 libavcodec/mpegaudiodec.c | 2 +-
 libavcodec/ratecontrol.c | 2 +-
 libavcodec/utils.c | 2 +-
 libavformat/udp.c | 2 +-
 9 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/ffmpeg.c b/ffmpeg.c
index eaebc01f66..df06304c8c 100644
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -949,7 +949,7 @@ static void do_video_stats(AVFormatContext *os, AVOutputStream *ost,
 if (!fvstats) {
 today2 = time(NULL);
 today = localtime(&today2);
- sprintf(filename, "vstats_%02d%02d%02d.log", today->tm_hour,
+ snprintf(filename, sizeof(filename), "vstats_%02d%02d%02d.log", today->tm_hour,
 today->tm_min,
 today->tm_sec);
 fvstats = fopen(filename,"w");
diff --git a/libavcodec/apiexample.c b/libavcodec/apiexample.c
index a2ee99dfc1..0c7617d853 100644
--- a/libavcodec/apiexample.c
+++ b/libavcodec/apiexample.c
@@ -415,7 +415,8 @@ int options_example(int argc, char* argv[])
 AVCodec* codec = avcodec_find_encoder_by_name((argc > 1) ? argv[2] : "mpeg4");
 const AVOption* c;
 AVCodecContext* avctx;
- char* def = av_malloc(5000);
+#define DEF_SIZE 5000
+ char* def = av_malloc(DEF_SIZE);
 const char* col = "";
 int i = 0;
 
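Review bot: `#define DEF_SIZE 5000` is placed in the middle of `options_example` and is never undefined, so the name stays visible for the rest of the file; `enum { DEF_SIZE = 5000 };` inside the function keeps the constant local and typed as `int`, which also matters for the `DEF_SIZE-i` arithmetic that uses it later. In the lines shown, the result of `av_malloc(DEF_SIZE)` is not checked before `def` is written through; if no check follows outside this hunk, something like `if (!def) return -1;` after the declarations would cover it. The body of `options_example` continues past the hunk.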
@@ -449,16 +450,16 @@ int options_example(int argc, char* argv[]) "unknown??", c->name); switch (t) { case FF_OPT_TYPE_BOOL: - i += sprintf(def + i, "%s%s=%s", + i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s", col, c->name, c->defval != 0. ? "on" : "off"); break; case FF_OPT_TYPE_DOUBLE: - i += sprintf(def + i, "%s%s=%f", + i += snprintf(def + i, DEF_SIZE-i, "%s%s=%f", col, c->name, c->defval); break; case FF_OPT_TYPE_INT: - i += sprintf(def + i, "%s%s=%d", + i += snprintf(def + i, DEF_SIZE-i, "%s%s=%d", col, c->name, (int) c->defval); break; case FF_OPT_TYPE_STRING: @@ -467,7 +468,7 @@ int options_example(int argc, char* argv[]) char* f = strchr(d, ','); if (f) *f = 0; - i += sprintf(def + i, "%s%s=%s", + i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s", col, c->name, d); av_free(d); } diff --git a/libavcodec/common.h b/libavcodec/common.h index 5b59def89f..c33812e697 100644 --- a/libavcodec/common.h +++ b/libavcodec/common.h @@ -499,6 +499,7 @@ tend= rdtsc();\ #define time time_is_forbidden_due_to_security_issues #define rand rand_is_forbidden_due_to_state_trashing #define srand srand_is_forbidden_due_to_state_trashing +#define sprintf sprintf_is_forbidden_due_to_security_issues_use_snprintf #if !(defined(LIBAVFORMAT_BUILD) || defined(_FRAMEHOOK_H)) #define printf please_use_av_log #define fprintf please_use_av_log diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c index 5dec85c0cf..fbc20ad5e2 100644 --- a/libavcodec/huffyuv.c +++ b/libavcodec/huffyuv.c @@ -1170,13 +1170,14 @@ static int encode_frame(AVCodecContext *avctx, unsigned char *buf, int buf_size, if((s->flags&CODEC_FLAG_PASS1) && (s->picture_number&31)==0){ int j; char *p= avctx->stats_out; + char *end= p + 1024*30; for(i=0; i<3; i++){ for(j=0; j<256; j++){ - sprintf(p, "%llu ", s->stats[i][j]); + snprintf(p, end-p, "%llu ", s->stats[i][j]); p+= strlen(p); s->stats[i][j]= 0; } - sprintf(p, "\n"); + snprintf(p, end-p, "\n"); p++; } }else{ 
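Review bot: `i += snprintf(def + i, DEF_SIZE-i, ...)` in the `FF_OPT_TYPE_BOOL` case still lets the offset run past the buffer, because snprintf returns the length the output would have had, not the number of bytes stored. After one truncated write `i` is larger than `DEF_SIZE`, `DEF_SIZE-i` becomes negative and is converted to a very large `size_t`, and the next call writes through `def + i` with no effective bound; a negative return on error would also move `i` backwards. The same pattern is repeated in the `FF_OPT_TYPE_DOUBLE` and `FF_OPT_TYPE_INT` cases here and in the `FF_OPT_TYPE_STRING` case of the next hunk. Each site should hold the result in a temporary and advance only on a complete write, e.g. `int n = snprintf(def + i, DEF_SIZE - i, ...);` followed by `if (n > 0 && n < DEF_SIZE - i) i += n;`. The loop around the switch and the declaration of `i` are outside this hunk.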
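Review bot: The added `#define sprintf sprintf_is_forbidden_due_to_security_issues_use_snprintf` poisons only one of the unbounded string writers; in the lines visible here nothing comparable exists for `vsprintf`, `strcpy` or `strcat`, and the utils.c hunk of this same commit still shows `strcpy(channels_str, "5:1")` as context. If the goal is to rule out unbounded writes into fixed buffers, matching entries for those names would close the gap, or the intended scope should be stated next to the macro. A short comment such as `/* sprintf cannot be bounded; use snprintf and check its return value for truncation */` would also tell callers that switching the function name alone is not enough.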
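Review bot: `char *end= p + 1024*30;` hard-codes the size of `avctx->stats_out`, whose allocation is not in this hunk, so the bound is only correct while that literal matches the allocation; `ff_write_pass1_stats` in the ratecontrol.c hunk does the same with a bare `256`. A named constant shared with the allocation site (for example a `STATS_OUT_SIZE` macro, name to be chosen by the project) would keep bound and buffer in sync. Separately, `snprintf(p, end-p, "\n"); p++;` advances `p` even when the buffer was already full and nothing but the terminator was stored, so `p` can reach `end` and the following `strlen(p)` would then read past the buffer; `p+= strlen(p);` after the newline write avoids that. `encode_frame` starts and ends outside the hunk.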
diff --git a/libavcodec/imgresample.c b/libavcodec/imgresample.c index 3b74a82794..2c7e1120ac 100644 --- a/libavcodec/imgresample.c +++ b/libavcodec/imgresample.c @@ -730,7 +730,7 @@ int main(int argc, char **argv) img + 50 * XSIZE, XSIZE, XSIZE, YSIZE - 100); img_resample_close(s); - sprintf(buf, "/tmp/out%d.pgm", i); + snprintf(buf, sizeof(buf), "/tmp/out%d.pgm", i); save_pgm(buf, img1, xsize, ysize); } diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index 0ff5fcbb98..48a168451d 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -2130,7 +2130,7 @@ void sample_dump(int fnum, int32_t *tab, int n) f = files[fnum]; if (!f) { - sprintf(buf, "/tmp/out%d.%s.pcm", + snprintf(buf, sizeof(buf), "/tmp/out%d.%s.pcm", fnum, #ifdef USE_HIGHPRECISION "hp" diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c index a304f48f1a..71af4f4ec8 100644 --- a/libavcodec/ratecontrol.c +++ b/libavcodec/ratecontrol.c @@ -38,7 +38,7 @@ static int init_pass2(MpegEncContext *s); static double get_qscale(MpegEncContext *s, RateControlEntry *rce, double rate_factor, int frame_num); void ff_write_pass1_stats(MpegEncContext *s){ - sprintf(s->avctx->stats_out, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n", + snprintf(s->avctx->stats_out, 256, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n", s->current_picture_ptr->display_picture_number, s->current_picture_ptr->coded_picture_number, s->pict_type, s->current_picture.quality, s->i_tex_bits, s->p_tex_bits, s->mv_bits, s->misc_bits, s->f_code, s->b_code, s->current_picture.mc_mb_var_sum, s->current_picture.mb_var_sum, s->i_count); diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 4111a63098..d1b3ca3c94 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c 
@@ -762,7 +762,7 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode) strcpy(channels_str, "5:1"); break; default: - sprintf(channels_str, "%d channels", enc->channels); + snprintf(channels_str, sizeof(channels_str), "%d channels", enc->channels); break; } if (enc->sample_rate) { diff --git a/libavformat/udp.c b/libavformat/udp.c index a90f36c280..b95f238d26 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -121,7 +121,7 @@ struct addrinfo* udp_ipv6_resolve_host(const char *hostname, int port, int type, const char *node = 0, *service = 0; if (port > 0) { - sprintf(sport, "%d", port); + snprintf(sport, sizeof(sport), "%d", port); service = sport; } if ((hostname) && (hostname[0] != '\0') && (hostname[0] != '?')) { -- GitLab