[x265] [PATCH 4/4] Limit buffer size operation for unsafe sprintf() calls
Mahesh Pittala
mahesh at multicorewareinc.com
Tue Oct 29 11:34:35 UTC 2024
Pushed four patches to the release_4.1 branch
On Tue, Oct 15, 2024 at 8:43 PM Karam Singh <
karam.singh at multicorewareinc.com> wrote:
> From 0e0ce486799929d45ee35a30797c21afdafe99b7 Mon Sep 17 00:00:00 2001
> From: Vittorio Giovara <vittorio.giovara at gmail.com>
> Date: Tue, 15 Oct 2024 20:11:01 +0530
> Subject: [PATCH 4/4] Limit buffer size operation for unsafe sprintf() calls
>
> This function does not impose any size limitation to what it writes to,
> which may lead to stack buffer overflows if there is no validation on
> the size of the input. Use snprintf() instead.
> ---
> source/common/common.cpp | 4 ++--
> source/encoder/ratecontrol.cpp | 4 ++--
> source/profile/vtune/vtune.cpp | 2 +-
> source/x265cli.cpp | 2 +-
> 4 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/source/common/common.cpp b/source/common/common.cpp
> index b33248782..4925d59a9 100644
> --- a/source/common/common.cpp
> +++ b/source/common/common.cpp
> @@ -133,7 +133,7 @@ void general_log(const x265_param* param, const char*
> caller, int level, const c
> }
>
> if (caller)
> - p += sprintf(buffer, "%-4s [%s]: ", caller, log_level);
> + p += snprintf(buffer, sizeof(buffer), "%-4s [%s]: ", caller,
> log_level);
> va_list arg;
> va_start(arg, fmt);
> vsnprintf(buffer + p, bufferSize - p, fmt, arg);
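Review bot: The return value of the new `snprintf` call is still added to `p` unchecked, and `p` then feeds `vsnprintf(buffer + p, bufferSize - p, fmt, arg)` two lines below. snprintf returns the length the output would have had, not the number of bytes stored, so with a long `caller` string `p` can exceed the buffer size; `buffer + p` then points past the array and `bufferSize - p` goes negative, which as a size argument becomes a very large bound. Clamp before use, for example `int n = snprintf(buffer, bufferSize, "%-4s [%s]: ", caller, log_level);` followed by `p += (n < 0) ? 0 : (n >= bufferSize ? bufferSize - 1 : n);`. Passing `bufferSize` instead of `sizeof(buffer)` would also keep the two calls consistent; the declaration of `buffer` and the rest of general_log are outside the hunk, so whether `sizeof` sees an array cannot be confirmed here. The same point applies to the identical change in general_log_file in the next hunk.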
> @@ -175,7 +175,7 @@ void general_log_file(const x265_param* param, const
> char* caller, int level, co
> }
>
> if (caller)
> - p += sprintf(buffer, "%-4s [%s]: ", caller, log_level);
> + p += snprintf(buffer, sizeof(buffer), "%-4s [%s]: ", caller,
> log_level);
> va_list arg;
> va_start(arg, fmt);
> vsnprintf(buffer + p, bufferSize - p, fmt, arg);
> diff --git a/source/encoder/ratecontrol.cpp
> b/source/encoder/ratecontrol.cpp
> index 1e4555676..50adefc19 100644
> --- a/source/encoder/ratecontrol.cpp
> +++ b/source/encoder/ratecontrol.cpp
> @@ -3250,8 +3250,8 @@ int RateControl::writeRateControlFrameStats(Frame*
> curFrame, RateControlEntry* r
>
> for (i = 0; i < num; i++)
> {
> - sprintf(deltaPOC, "%s%d~", deltaPOC, rpsWriter->deltaPOC[i]);
> - sprintf(bUsed, "%s%d~", bUsed, rpsWriter->bUsed[i]);
> + snprintf(deltaPOC, sizeof(deltaPOC), "%s%d~", deltaPOC,
> rpsWriter->deltaPOC[i]);
> + snprintf(bUsed, sizeof(bUsed), "%s%d~", bUsed,
> rpsWriter->bUsed[i]);
> }
>
> if (fprintf(m_statFileOut,
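Review bot: Both new `snprintf` calls pass the destination buffer as their own `%s` argument (`deltaPOC` into `deltaPOC`, `bUsed` into `bUsed`), which is undefined behaviour for overlapping objects and is not cured by adding a size. Some C library implementations are reported to discard the existing contents in this pattern, so the change may alter the stats-file output rather than merely bound it. Appending at a tracked offset removes the overlap and makes truncation detectable. The declarations of both buffers and the start of writeRateControlFrameStats are outside the hunk, so `sizeof` is assumed to see arrays here.

```cpp
// … unchanged: declarations of deltaPOC, bUsed, rpsWriter and num …
size_t pocLen = strlen(deltaPOC);
size_t usedLen = strlen(bUsed);
for (i = 0; i < num; i++)
{
    int n = snprintf(deltaPOC + pocLen, sizeof(deltaPOC) - pocLen, "%d~", rpsWriter->deltaPOC[i]);
    if (n < 0 || (size_t)n >= sizeof(deltaPOC) - pocLen)
        break; // entry did not fit: treat as an error instead of writing a cut-off list
    pocLen += (size_t)n;

    n = snprintf(bUsed + usedLen, sizeof(bUsed) - usedLen, "%d~", rpsWriter->bUsed[i]);
    if (n < 0 || (size_t)n >= sizeof(bUsed) - usedLen)
        break; // same handling for the bUsed list
    usedLen += (size_t)n;
}
// … unchanged: fprintf(m_statFileOut, …) …
```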
> diff --git a/source/profile/vtune/vtune.cpp
> b/source/profile/vtune/vtune.cpp
> index 1eb347cce..4545ab50f 100644
> --- a/source/profile/vtune/vtune.cpp
> +++ b/source/profile/vtune/vtune.cpp
> @@ -51,7 +51,7 @@ void vtuneInit()
> void vtuneSetThreadName(const char *name, int id)
> {
> char threadname[128];
> - sprintf(threadname, "%s %d", name, id);
> + snprintf(threadname, sizeof(threadname), "%s %d", name, id);
> __itt_thread_set_name(threadname);
> }
>
> diff --git a/source/x265cli.cpp b/source/x265cli.cpp
> index 2593e1ee5..790df9a88 100755
> --- a/source/x265cli.cpp
> +++ b/source/x265cli.cpp
> @@ -981,7 +981,7 @@ namespace X265_NS {
> if (param->logLevel >= X265_LOG_INFO)
> {
> char buf[128];
> - int p = sprintf(buf, "%dx%d fps %d/%d %sp%d",
> param->sourceWidth, param->sourceHeight,
> + int p = snprintf(buf, sizeof(buf), "%dx%d fps %d/%d %sp%d",
> param->sourceWidth, param->sourceHeight,
> param->fpsNum, param->fpsDenom,
> x265_source_csp_names[param->internalCsp], info[0].depth);
>
> int width, height;
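Review bot: `p` still receives the raw `snprintf` return value, which is the length the text would have had and not the number of bytes stored in `buf`. The fields formatted here are short, so truncating the 128-byte buffer is unlikely, but if `p` is used further down as a write offset into `buf` (the rest of the block is outside the hunk) those later writes are not bounded by this change. It would be worth checking `if (p < 0 || p >= (int)sizeof(buf))` right after the call and converting any following appends to the form `snprintf(buf + p, sizeof(buf) - p, ...)`.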
> --
> 2.36.0.windows.1
>
> *__________________________*
> *Karam Singh*
> *Ph.D. IIT Guwahati*
> Senior Software (Video Coding) Engineer
> Mobile: +91 8011279030
> Block 9A, 6th floor, DLF Cyber City
> Manapakkam, Chennai 600 089
>