]> git.sesse.net Git - kdenlive/commitdiff
projects / kdenlive / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c1d9ef5)
Fix buffer overflow caused by unexpected v4l output
authorJean-Baptiste Mardelle <jb@kdenlive.org>
Wed, 9 Nov 2011 01:43:04 +0000 (02:43 +0100)
committerJean-Baptiste Mardelle <jb@kdenlive.org>
Wed, 9 Nov 2011 01:43:04 +0000 (02:43 +0100)
src/v4l/src.c patch | blob | history

diff --git a/src/v4l/src.c b/src/v4l/src.c
index b265b989f746ec80628f2fc40e9253b8207c1d52..5d7666fc2064b25336f22567347cf84df725e158 100644 (file)
--- a/src/v4l/src.c
+++ b/src/v4l/src.c
@@ -112,8 +112,9 @@ const char *query_v4ldevice(src_t *src, char **pixelformatdescription)
 
             while (ioctl(s->fd, VIDIOC_ENUM_FMT, &fmt) != -1)
             {
-                snprintf( value, sizeof(value), ">%c%c%c%c", fmt.pixelformat >> 0,  fmt.pixelformat >> 8, fmt.pixelformat >> 16, fmt.pixelformat >> 24 );
-                strcat(*pixelformatdescription, (char *) value);
+                if (strlen(*pixelformatdescription) > 2000) break;
+                if (snprintf( value, sizeof(value), ">%c%c%c%c", fmt.pixelformat >> 0,  fmt.pixelformat >> 8, fmt.pixelformat >> 16, fmt.pixelformat >> 24 ) > 0)
+                    strcat(*pixelformatdescription, (char *) value);
                 fprintf(stderr, "detected format: %s: %c%c%c%c\n", fmt.description, fmt.pixelformat >> 0,  fmt.pixelformat >> 8,
                       fmt.pixelformat >> 16, fmt.pixelformat >> 24);
 
@@ -127,12 +128,14 @@ const char *query_v4ldevice(src_t *src, char **pixelformatdescription)
                     rates.pixel_format = fmt.pixelformat;
                     rates.width = image_size.width;
                     rates.height = image_size.height;
-                    snprintf( value, sizeof(value), ":%dx%d=", image_size.width, image_size.height );
-                    strcat(*pixelformatdescription, (char *) value);
+                    if (strlen(*pixelformatdescription) > 2000) break;
+                    if (snprintf( value, sizeof(value), ":%dx%d=", image_size.width, image_size.height ) > 0)
+                        strcat(*pixelformatdescription, (char *) value);
                     fprintf(stderr, "Size: %dx%d: ", image_size.width, image_size.height);
                     while (ioctl(s->fd, VIDIOC_ENUM_FRAMEINTERVALS, &rates) != -1) {
-                        snprintf( value, sizeof(value), "%d/%d,", rates.un.discrete.denominator, rates.un.discrete.numerator );
-                        strcat(*pixelformatdescription, (char *) value);
+                        if (strlen(*pixelformatdescription) > 2000) break;
+                        if (snprintf( value, sizeof(value), "%d/%d,", rates.un.discrete.denominator, rates.un.discrete.numerator ) > 0)
+                            strcat(*pixelformatdescription, (char *) value);
                         fprintf(stderr, "%d/%d, ", rates.un.discrete.numerator, rates.un.discrete.denominator);
                         rates.index ++;
                     }
Unnamed repository; edit this file 'description' to name the repository.