"Ronald S. Bultje" <[email protected]> writes: > Hi, > > On Tue, May 24, 2011 at 8:14 AM, Anton Khirnov <[email protected]> wrote: >> From: Michael Niedermayer <[email protected]> >> >> This may be security relevant depending upon the used terminal. >> >> Signed-off-by: Michael Niedermayer <[email protected]> >> Signed-off-by: Anton Khirnov <[email protected]> >> --- >> libavutil/log.c | 9 +++++++++ >> 1 files changed, 9 insertions(+), 0 deletions(-) >> >> diff --git a/libavutil/log.c b/libavutil/log.c >> index c44130c..fe9a54e 100644 >> --- a/libavutil/log.c >> +++ b/libavutil/log.c >> @@ -80,6 +80,14 @@ const char* av_default_item_name(void* ptr){ >> return (*(AVClass**)ptr)->class_name; >> } >> >> +static void sanitize(uint8_t *line){ >> + while(*line){ >> + if(*line < 0x08 || (*line > 0x0D && *line < 0x20)) >> + *line='?'; >> + line++; >> + } >> +} >> + > > What idiot (sorry) would av_log() such characters? Isn't this pebkac?
The patch author presumably.

I agree, this is pointless.  Such characters can end up in av_log() output in one of two ways:

1. They are part of the format string.
2. They are part of a %s argument.

Only a complete idiot would do 1.  2 could happen only if a buffer with unknown content were passed as argument to %s.  If the contents are not known, it is probably not null-terminated either, and you have a much bigger problem.  In other words, only an idiot would do that too.

-- 
Måns Rullgård
[email protected]
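
Review bot: the range test in sanitize(), "*line < 0x08 || (*line > 0x0D && *line < 0x20)", leaves 0x08 through 0x0D, 0x7F and every byte from 0x80 upward untouched, and nothing in the hunk says why. Backspace (0x08) and carriage return (0x0D) let a logged string overwrite text already displayed on the line, and 0x9B is CSI on terminals that honour 8-bit C1 controls, so the terminal concern named in the commit message is only partly covered. Consider also replacing 0x08, 0x0D and 0x7F while keeping tab and newline, and add a comment stating that bytes >= 0x80 are passed through so UTF-8 text survives, if that is the intent. The call site is not part of the quoted hunk, so it is also worth confirming that sanitize() runs on the formatted output buffer and not on the format string alone.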
