dissallow sprintf

Originally committed as revision 3823 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Michael Niedermayer <michaelni@gmx.at> 2005-01-12 00:59:42 +0000
committer: Michael Niedermayer <michaelni@gmx.at> 2005-01-12 00:59:42 +0000
commit: 2fc8ea249f325c2017137847bc1a565b77f40f11 (patch)
tree: 34f0783859f7637871650292705b657650f30800 /libavcodec
parent: 0ecca7a49f8e254c12a3a1de048d738bfbb614c6 (diff)
7 files changed, 14 insertions, 11 deletions
diff --git a/libavcodec/apiexample.c b/libavcodec/apiexample.c
index a2ee99dfc1..0c7617d853 100644
--- a/libavcodec/apiexample.c
+++ b/libavcodec/apiexample.c
@@ -415,7 +415,8 @@ int options_example(int argc, char* argv[])
     AVCodec* codec = avcodec_find_encoder_by_name((argc > 1) ? argv[2] : "mpeg4");
     const AVOption* c;
     AVCodecContext* avctx;
-    char* def = av_malloc(5000);
+#define DEF_SIZE 5000
+    char* def = av_malloc(DEF_SIZE);
     const char* col = "";
     int i = 0;
 
@@ -449,16 +450,16 @@ int options_example(int argc, char* argv[])
 		       "unknown??", c->name);
 		switch (t) {
 		case FF_OPT_TYPE_BOOL:
-		    i += sprintf(def + i, "%s%s=%s",
+		    i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s",
 				 col, c->name,
 				 c->defval != 0. ? "on" : "off");
 		    break;
 		case FF_OPT_TYPE_DOUBLE:
-		    i += sprintf(def + i, "%s%s=%f",
+		    i += snprintf(def + i, DEF_SIZE-i, "%s%s=%f",
 				 col, c->name, c->defval);
 		    break;
 		case FF_OPT_TYPE_INT:
-		    i += sprintf(def + i, "%s%s=%d",
+		    i += snprintf(def + i, DEF_SIZE-i, "%s%s=%d",
 				 col, c->name, (int) c->defval);
 		    break;
 		case FF_OPT_TYPE_STRING:
@@ -467,7 +468,7 @@ int options_example(int argc, char* argv[])
 			char* f = strchr(d, ',');
 			if (f)
                             *f = 0;
-			i += sprintf(def + i, "%s%s=%s",
+			i += snprintf(def + i, DEF_SIZE-i, "%s%s=%s",
 				     col, c->name, d);
                         av_free(d);
 		    }
diff --git a/libavcodec/common.h b/libavcodec/common.h
index 5b59def89f..c33812e697 100644
--- a/libavcodec/common.h
+++ b/libavcodec/common.h
@@ -499,6 +499,7 @@ tend= rdtsc();\
 #define time time_is_forbidden_due_to_security_issues
 #define rand rand_is_forbidden_due_to_state_trashing
 #define srand srand_is_forbidden_due_to_state_trashing
+#define sprintf sprintf_is_forbidden_due_to_security_issues_use_snprintf
 #if !(defined(LIBAVFORMAT_BUILD) || defined(_FRAMEHOOK_H))
 #define printf please_use_av_log
 #define fprintf please_use_av_log
diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c
index 5dec85c0cf..fbc20ad5e2 100644
--- a/libavcodec/huffyuv.c
+++ b/libavcodec/huffyuv.c
@@ -1170,13 +1170,14 @@ static int encode_frame(AVCodecContext *avctx, unsigned char *buf, int buf_size,
     if((s->flags&CODEC_FLAG_PASS1) && (s->picture_number&31)==0){
         int j;
         char *p= avctx->stats_out;
+        char *end= p + 1024*30;
         for(i=0; i<3; i++){
             for(j=0; j<256; j++){
-                sprintf(p, "%llu ", s->stats[i][j]);
+                snprintf(p, end-p, "%llu ", s->stats[i][j]);
                 p+= strlen(p);
                 s->stats[i][j]= 0;
             }
-            sprintf(p, "\n");
+            snprintf(p, end-p, "\n");
             p++;
         }
     }else{
diff --git a/libavcodec/imgresample.c b/libavcodec/imgresample.c
index 3b74a82794..2c7e1120ac 100644
--- a/libavcodec/imgresample.c
+++ b/libavcodec/imgresample.c
@@ -730,7 +730,7 @@ int main(int argc, char **argv)
                            img + 50 * XSIZE, XSIZE, XSIZE, YSIZE - 100);
         img_resample_close(s);
 
-        sprintf(buf, "/tmp/out%d.pgm", i);
+        snprintf(buf, sizeof(buf), "/tmp/out%d.pgm", i);
         save_pgm(buf, img1, xsize, ysize);
     }
 
diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index 0ff5fcbb98..48a168451d 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -2130,7 +2130,7 @@ void sample_dump(int fnum, int32_t *tab, int n)
     
     f = files[fnum];
     if (!f) {
-        sprintf(buf, "/tmp/out%d.%s.pcm", 
+        snprintf(buf, sizeof(buf), "/tmp/out%d.%s.pcm", 
                 fnum, 
 #ifdef USE_HIGHPRECISION
                 "hp"
diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c
index a304f48f1a..71af4f4ec8 100644
--- a/libavcodec/ratecontrol.c
+++ b/libavcodec/ratecontrol.c
@@ -38,7 +38,7 @@ static int init_pass2(MpegEncContext *s);
 static double get_qscale(MpegEncContext *s, RateControlEntry *rce, double rate_factor, int frame_num);
 
 void ff_write_pass1_stats(MpegEncContext *s){
-    sprintf(s->avctx->stats_out, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n",
+    snprintf(s->avctx->stats_out, 256, "in:%d out:%d type:%d q:%d itex:%d ptex:%d mv:%d misc:%d fcode:%d bcode:%d mc-var:%d var:%d icount:%d;\n",
             s->current_picture_ptr->display_picture_number, s->current_picture_ptr->coded_picture_number, s->pict_type, 
             s->current_picture.quality, s->i_tex_bits, s->p_tex_bits, s->mv_bits, s->misc_bits, 
             s->f_code, s->b_code, s->current_picture.mc_mb_var_sum, s->current_picture.mb_var_sum, s->i_count);
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 4111a63098..d1b3ca3c94 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -762,7 +762,7 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
                 strcpy(channels_str, "5:1");
                 break;
             default:
-                sprintf(channels_str, "%d channels", enc->channels);
+                snprintf(channels_str, sizeof(channels_str), "%d channels", enc->channels);
                 break;
         }
         if (enc->sample_rate) {
author	Michael Niedermayer <michaelni@gmx.at>	2005-01-12 00:59:42 +0000
committer	Michael Niedermayer <michaelni@gmx.at>	2005-01-12 00:59:42 +0000
commit	2fc8ea249f325c2017137847bc1a565b77f40f11 (patch)
tree	34f0783859f7637871650292705b657650f30800 /libavcodec
parent	0ecca7a49f8e254c12a3a1de048d738bfbb614c6 (diff)