highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libswcale: Fix possible string overflow in test.

Browse Source 
In libswcale/tests/swcale.c, the function fileTest() calls sscanf in
an argument of "%12s" on character srcStr[] and dstStr[], which are
only 12 bytes.  So, if the input string is 12 characters, a
terminating null byte can be written past the end of these arrays.

This bug was found by cppcheck.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8ed4930618b170de57a9086e1e9892216454684)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Adam Richter 2019-05-12 05:03:25 -07:00 committed by Michael Niedermayer
parent 332de4c1e4
commit b55cf5f53d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libswscale/swscale-test.c
View File

@ -297,10 +297,10 @@ static int fileTest(uint8_t *ref[4], int refStride[4], int w, int h, FILE *fp,
while (fgets(buf, sizeof(buf), fp)) { while (fgets(buf, sizeof(buf), fp)) {
struct Results r; struct Results r;
enum AVPixelFormat srcFormat; enum AVPixelFormat srcFormat;
char srcStr[12]; char srcStr[13];
int srcW = 0, srcH = 0; int srcW = 0, srcH = 0;
enum AVPixelFormat dstFormat; enum AVPixelFormat dstFormat;
char dstStr[12]; char dstStr[13];
int dstW = 0, dstH = 0; int dstW = 0, dstH = 0;
int flags; int flags;
int ret; int ret;