From 7449319165689e3bd9fa08df94e97a9f941b4e64 Mon Sep 17 00:00:00 2001
From: Vittorio Giovara <vittorio.giovara@gmail.com>
Date: Tue, 15 Oct 2024 16:04:43 +0530
Subject: [PATCH 2/4] Limit buffer size operation for sprintf() on malloc'd
 buffer

---
 source/encoder/encoder.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/encoder/encoder.cpp b/source/encoder/encoder.cpp
index 431fb32b3..21a4d5518 100644
--- a/source/encoder/encoder.cpp
+++ b/source/encoder/encoder.cpp
@@ -3448,11 +3448,11 @@ void Encoder::getStreamHeaders(NALList& list, Entropy& sbacCoder, Bitstream& bs)
         char *opts = x265_param2string(m_param, m_sps.conformanceWindow.rightOffset, m_sps.conformanceWindow.bottomOffset);
         if (opts)
         {
-            char *buffer = X265_MALLOC(char, strlen(opts) + strlen(PFX(version_str)) +
-                strlen(PFX(build_info_str)) + 200);
+            int len = strlen(opts) + strlen(PFX(version_str)) + strlen(PFX(build_info_str)) + 200;
+            char *buffer = X265_MALLOC(char, len);
             if (buffer)
             {
-                sprintf(buffer, "x265 (build %d) - %s:%s - H.265/HEVC codec - "
+                snprintf(buffer, len, "x265 (build %d) - %s:%s - H.265/HEVC codec - "
                     "Copyright 2013-2018 (c) Multicoreware, Inc - "
                     "http://x265.org - options: %s",
                     X265_BUILD, PFX(version_str), PFX(build_info_str), opts);
-- 
2.41.0.windows.1