[x265] [PATCH 2/4] Limit buffer size operation for sprintf() on malloc'd buffer

Karam Singh karam.singh at multicorewareinc.com
Tue Oct 15 15:11:50 UTC 2024 

>From 7449319165689e3bd9fa08df94e97a9f941b4e64 Mon Sep 17 00:00:00 2001
From: Vittorio Giovara <vittorio.giovara at gmail.com>
Date: Tue, 15 Oct 2024 16:04:43 +0530
Subject: [PATCH 2/4] Limit buffer size operation for sprintf() on malloc'd
 buffer

---
 source/encoder/encoder.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/encoder/encoder.cpp b/source/encoder/encoder.cpp
index 431fb32b3..21a4d5518 100644
--- a/source/encoder/encoder.cpp
+++ b/source/encoder/encoder.cpp
@@ -3448,11 +3448,11 @@ void Encoder::getStreamHeaders(NALList& list,
Entropy& sbacCoder, Bitstream& bs)
         char *opts = x265_param2string(m_param,
m_sps.conformanceWindow.rightOffset, m_sps.conformanceWindow.bottomOffset);
         if (opts)
         {
-            char *buffer = X265_MALLOC(char, strlen(opts) +
strlen(PFX(version_str)) +
-                strlen(PFX(build_info_str)) + 200);
+            int len = strlen(opts) + strlen(PFX(version_str)) +
strlen(PFX(build_info_str)) + 200;
+            char *buffer = X265_MALLOC(char, len);
             if (buffer)
             {
-                sprintf(buffer, "x265 (build %d) - %s:%s - H.265/HEVC
codec - "
+                snprintf(buffer, len, "x265 (build %d) - %s:%s -
H.265/HEVC codec - "
                     "Copyright 2013-2018 (c) Multicoreware, Inc - "
                     "http://x265.org - options: %s",
                     X265_BUILD, PFX(version_str), PFX(build_info_str),
opts);
-- 
2.41.0.windows.1

*__________________________*
*Karam Singh*
*Ph.D. IIT Guwahati*
Senior Software (Video Coding) Engineer
Mobile: +91 8011279030
Block 9A, 6th floor, DLF Cyber City
Manapakkam, Chennai 600 089
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/x265-devel/attachments/20241015/761211ae/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Limit-buffer-size-operation-for-sprintf-on-malloc-d-.patch
Type: application/octet-stream
Size: 1492 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/x265-devel/attachments/20241015/761211ae/attachment.obj>

More information about the x265-devel mailing list