On Mon, 4 Aug 2025, Michael Niedermayer wrote:
On Thu, Jul 31, 2025 at 04:21:35PM +0800, Cai Fan wrote:
Signed-off-by: Cai Fan <caifan0...@163.com>
---
libavformat/img2enc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavformat/img2enc.c b/libavformat/img2enc.c
index 41638d92b8..9a5718a8da 100644
--- a/libavformat/img2enc.c
+++ b/libavformat/img2enc.c
@@ -180,7 +180,12 @@ static int write_packet(AVFormatContext *s, AVPacket *pkt)
}
for (i = 0; i < 4; i++) {
av_dict_copy(&options, img->protocol_opts, 0);
- snprintf(img->tmp[i], sizeof(img->tmp[i]), "%s.tmp", filename);
+ int len = snprintf(img->tmp[i], sizeof(img->tmp[i]), "%s.tmp",
filename);
+ if (len < 0 || len >= sizeof(img->tmp[i])) {
+ av_log(s, AV_LOG_ERROR, "filename '%s' exceeds buffer size %zu\n",
filename, sizeof(img->tmp[i]));
+ ret = AVERROR(EINVAL);
+ goto fail;
+ }
is there a reason this doesnt use av_asprintf() ?
that is allocate as needed
Actually I did that extra step and more:
https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20077
So I guess this patch is now obsolete, sorry about that, but it was a
relatively low hanging fruit.
Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
