>From e3dfd967467257d652abb7a198c74e1ac881c04c Mon Sep 17 00:00:00 2001 From: Vittorio Giovara <vittorio.giov...@gmail.com> Date: Tue, 15 Oct 2024 20:05:00 +0530 Subject: [PATCH 3/4] Limit buffer size operation for unsafe sscanf() calls
This function does not impose any size limitation to what it writes to,
which may lead to stack buffer overflows if there is no validation on
the size of the input. Use format modifiers to read the largest possible
value held by buffers instead.
---
source/encoder/ratecontrol.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/encoder/ratecontrol.cpp b/source/encoder/ratecontrol.cpp
index fe854a837..1e4555676 100644
--- a/source/encoder/ratecontrol.cpp
+++ b/source/encoder/ratecontrol.cpp
@@ -698,7 +698,7 @@ bool RateControl::init(const SPS& sps)
char bUsed[40];
memset(deltaPOC, 0, sizeof(deltaPOC));
memset(bUsed, 0, sizeof(bUsed));
- e += sscanf(p, " in:%*d out:%*d type:%c q:%lf
q-aq:%lf q-noVbv:%lf q-Rceq:%lf tex:%d mv:%d misc:%d icu:%lf pcu:%lf
scu:%lf nump:%d numnegp:%d numposp:%d deltapoc:%s bused:%s",
+ e += sscanf(p, " in:%*d out:%*d type:%c q:%lf
q-aq:%lf q-noVbv:%lf q-Rceq:%lf tex:%d mv:%d misc:%d icu:%lf pcu:%lf
scu:%lf nump:%d numnegp:%d numposp:%d deltapoc:%127s bused:%39s",
&picType, &qpRc, &qpAq, &qNoVbv, &qRceq,
&rce->coeffBits,
&rce->mvBits, &rce->miscBits, &rce->iCuCount,
&rce->pCuCount,
&rce->skipCuCount,
&rce->rpsData.numberOfPictures, &rce->rpsData.numberOfNegativePictures,
&rce->rpsData.numberOfPositivePictures, deltaPOC, bUsed);
--
2.36.0.windows.1
*__________________________*
*Karam Singh*
*Ph.D. IIT Guwahati*
Senior Software (Video Coding) Engineer
Mobile: +91 8011279030
Block 9A, 6th floor, DLF Cyber City
Manapakkam, Chennai 600 089
0003_Limit_buffer_size_operation_for_unsafe_sscanf_calls.diff
Description: Binary data
_______________________________________________ x265-devel mailing list x265-devel@videolan.org https://mailman.videolan.org/listinfo/x265-devel
