[Mlt-devel] [PATCH 2/8] mlt_filter.c: fix possible buffer overflows
Brought to you by:
ddennedy,
lilo_booter
From: Mikko R. <mik...@ik...> - 2012-07-25 22:30:14
|
Fixes Coverity CID 709411: Copy into fixed size buffer (STRING_OVERFLOW) You might overrun the 20 byte fixed-size string "name" by copying "unique_id" without checking the length. 257 strcat( name, unique_id ); and CID 709412: Copy into fixed size buffer (STRING_OVERFLOW) You might overrun the 20 byte fixed-size string "name" by copying "unique_id" without checking the length. 302 strcat( name, unique_id ); --- src/framework/mlt_filter.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/framework/mlt_filter.c b/src/framework/mlt_filter.c index 4c85291..ed4d919 100644 --- a/src/framework/mlt_filter.c +++ b/src/framework/mlt_filter.c @@ -259,8 +259,8 @@ mlt_position mlt_filter_get_position( mlt_filter self, mlt_frame frame ) char name[20]; // Make the properties key from unique id - strcpy( name, "pos." ); - strcat( name, unique_id ); + snprintf( name, 20, "pos.%s", unique_id ); + name[20 - 1] = '\0'; return mlt_properties_get_position( MLT_FRAME_PROPERTIES( frame ), name ) - in; } @@ -304,8 +304,8 @@ mlt_frame mlt_filter_process( mlt_filter self, mlt_frame frame ) char name[20]; // Make the properties key from unique id - strcpy( name, "pos." ); - strcat( name, unique_id ); + snprintf( name, 20, "pos.%s", unique_id ); + name[20 -1] = '\0'; // Save the position on the frame mlt_properties_set_position( MLT_FRAME_PROPERTIES( frame ), name, position ); -- 1.7.10.4 |