diff options
author | Avi Halachmi (:avih) <avihpit@yahoo.com> | 2021-04-04 14:11:15 +0300 |
---|---|---|
committer | Avi Halachmi (:avih) <avihpit@yahoo.com> | 2021-04-05 18:24:55 +0300 |
commit | d0c530919d8cd4d7a774e38ab064e0fabdae34e6 (patch) | |
tree | ac37629e8b56475c28811c9553bace3bad077aff /stream | |
parent | ef9596f78ede35dd6aef999d774c76e0e447243d (diff) | |
download | mpv-d0c530919d8cd4d7a774e38ab064e0fabdae34e6.tar.bz2 mpv-d0c530919d8cd4d7a774e38ab064e0fabdae34e6.tar.xz |
demux_mf: improve format string processing
Before this commit, the user could specify a printf format string
which wasn't verified, and could result in:
- Undefined behavior due to missing or non-matching arguments.
- Buffer overflow due to untested result length.
The offending code was added at commit 103a9609 (2002, mplayer svn):
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@4566 b3059339-0415-0410-9bf9-f77b7e298cf2
It moved around but was not modified meaningfully until now.
Now we reject all conversion specifiers at the format except %%
and a simple subset of the valid specifiers. Also, we now use
snprintf to avoid buffer overflow.
The format string is provided by the user as part of mf:// URI.
Report and initial patch by Stefan Schiller.
Patch reviewed by @jeeb, @sfan5, Stefan Schiller.
Diffstat (limited to 'stream')
0 files changed, 0 insertions, 0 deletions