dissallow sprintf

Originally committed as revision 3823 to svn://svn.ffmpeg.org/ffmpeg/trunk

dissallow sprintf
Originally committed as revision 3823 to svn://svn.ffmpeg.org/ffmpeg/trunk
2fc8ea24 · Michael Niedermayer · 0ecca7a4 · 2fc8ea24 · 2fc8ea24 · 2fc8ea24
9 changed file
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -949,7 +949,7 @@ static void do_video_stats(AVFormatContext *os, AVOutputStream *ost,
    if (!fvstats) {
        today2 = time(NULL);
        today = localtime(&today2);
-        sprintf(filename, "vstats_%02d%02d%02d.log", today->tm_hour,
+        snprintf(filename, sizeof(filename), "vstats_%02d%02d%02d.log", today->tm_hour,
                                               today->tm_min,
                                               today->tm_sec);
        fvstats = fopen(filename,"w");

--- a/libavcodec/apiexample.c
+++ b/libavcodec/apiexample.c
@@ -415,7 +415,8 @@ int options_example(int argc, char* argv[])
    AVCodec* codec = avcodec_find_encoder_by_name((argc > 1) ? argv[2] : "mpeg4");
    const AVOption* c;
    AVCodecContext* avctx;
-    char* def = av_malloc(5000);
+#define DEF_SIZE 5000
+    char* def = av_malloc(DEF_SIZE);
    const char* col = "";
    int i = 0;
@@ -449,16 +450,16 @@ int options_example(int argc, char* argv[])
 		       "unknown??", c->name);
 		switch (t) {
 		case FF_OPT_TYPE_BOOL:
-		    i += sprintf(def + i, "%s%s=%s",
+		    i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s",
 				 col, c->name,
 				 c->defval != 0. ? "on" : "off");
 		    break;
 		case FF_OPT_TYPE_DOUBLE:
-		    i += sprintf(def + i, "%s%s=%f",
+		    i += snprintf(def + i, DEF_SIZE-i, "%s%s=%f",
 				 col, c->name, c->defval);
 		    break;
 		case FF_OPT_TYPE_INT:
-		    i += sprintf(def + i, "%s%s=%d",
+		    i += snprintf(def + i, DEF_SIZE-i, "%s%s=%d",
 				 col, c->name, (int) c->defval);
 		    break;
 		case FF_OPT_TYPE_STRING:
@@ -467,7 +468,7 @@ int options_example(int argc, char* argv[])
 			char* f = strchr(d, ',');
 			if (f)
                            *f = 0;
-			i += sprintf(def + i, "%s%s=%s",
+			i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s",
 				     col, c->name, d);
                        av_free(d);
 		    }

--- a/libavcodec/common.h
+++ b/libavcodec/common.h
@@ -499,6 +499,7 @@ tend= rdtsc();\
 #define time time_is_forbidden_due_to_security_issues
 #define rand rand_is_forbidden_due_to_state_trashing
 #define srand srand_is_forbidden_due_to_state_trashing
+#define sprintf sprintf_is_forbidden_due_to_security_issues_use_snprintf
 #if !(defined(LIBAVFORMAT_BUILD) || defined(_FRAMEHOOK_H))
 #define printf please_use_av_log
 #define fprintf please_use_av_log

--- a/libavcodec/huffyuv.c
+++ b/libavcodec/huffyuv.c
@@ -1170,13 +1170,14 @@ static int encode_frame(AVCodecContext *avctx, unsigned char *buf, int buf_size,
    if((s->flags&CODEC_FLAG_PASS1) && (s->picture_number&31)==0){
        int j;
        char *p= avctx->stats_out;
+        char *end= p + 1024*30;
        for(i=0; i<3; i++){
            for(j=0; j<256; j++){
-                sprintf(p, "%llu ", s->stats[i][j]);
+                snprintf(p, end-p, "%llu ", s->stats[i][j]);
                p+= strlen(p);
                s->stats[i][j]= 0;
            }
-            sprintf(p, "\n");
+            snprintf(p, end-p, "\n");
            p++;
        }
    }else{

--- a/libavcodec/imgresample.c
+++ b/libavcodec/imgresample.c
@@ -730,7 +730,7 @@ int main(int argc, char **argv)
                           img + 50 * XSIZE, XSIZE, XSIZE, YSIZE - 100);
        img_resample_close(s);
-        sprintf(buf, "/tmp/out%d.pgm", i);
+        snprintf(buf, sizeof(buf), "/tmp/out%d.pgm", i);
        save_pgm(buf, img1, xsize, ysize);
    }

--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -2130,7 +2130,7 @@ void sample_dump(int fnum, int32_t *tab, int n)
    f = files[fnum];
    if (!f) {
-        sprintf(buf, "/tmp/out%d.%s.pcm", 
+        snprintf(buf, sizeof(buf), "/tmp/out%d.%s.pcm", 
                fnum, 
 #ifdef USE_HIGHPRECISION
                "hp"

--- a/libavcodec/ratecontrol.c
+++ b/libavcodec/ratecontrol.c
@@ -38,7 +38,7 @@ static int init_pass2(MpegEncContext *s);
 static double get_qscale(MpegEncContext *s, RateControlEntry *rce, double rate_factor, int frame_num);
 void ff_write_pass1_stats(MpegEncContext *s){
-    sprintf(s->avctx->stats_out, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n",
+    snprintf(s->avctx->stats_out, 256, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n",
            s->current_picture_ptr->display_picture_number, s->current_picture_ptr->coded_picture_number, s->pict_type, 
            s->current_picture.quality, s->i_tex_bits, s->p_tex_bits, s->mv_bits, s->misc_bits, 
            s->f_code, s->b_code, s->current_picture.mc_mb_var_sum, s->current_picture.mb_var_sum, s->i_count);

--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -762,7 +762,7 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
                strcpy(channels_str, "5:1");
                break;
            default:
-                sprintf(channels_str, "%d channels", enc->channels);
+                snprintf(channels_str, sizeof(channels_str), "%d channels", enc->channels);
                break;
        }
        if (enc->sample_rate) {

--- a/libavformat/udp.c
+++ b/libavformat/udp.c
@@ -121,7 +121,7 @@ struct addrinfo* udp_ipv6_resolve_host(const char *hostname, int port, int type,
    const char *node = 0, *service = 0;
    if (port > 0) {
-        sprintf(sport, "%d", port);
+        snprintf(sport, sizeof(sport), "%d", port);
        service = sport;
    }
    if ((hostname) && (hostname[0] != '\0') && (hostname[0] != '?')) {