PR #21599 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21599 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21599.patch
Found-by: Sarthak Munshi <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> >From 1739a50cdba18bbb4e1b6ea19fbf37f2b5e1f114 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 27 Jan 2026 16:57:30 +0100 Subject: [PATCH] avformat/hlsenc: fix format string vulnerability in parse_playlist (alternative fix) Found-by: Sarthak Munshi <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/hlsenc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 7105404d1e..ee64a5a275 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -1242,13 +1242,13 @@ static int parse_playlist(AVFormatContext *s, const char *url, VariantStream *vs if (vs->has_subtitle) { int vtt_index = extract_segment_number(line); const char *vtt_basename = av_basename(vs->vtt_basename); - int len = strlen(vtt_basename) + 11; - char *vtt_file = av_mallocz(len); - if (!vtt_file) { + char *vtt_file = NULL; + int ret = replace_int_data_in_filename(&vtt_file, vtt_basename, 'd', vtt_index); + if (ret < 0 || !vtt_file) { ret = AVERROR(ENOMEM); goto fail; } - snprintf(vtt_file, len, vtt_basename, vtt_index); + ff_format_set_url(vs->vtt_avf, vtt_file); } -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
