[FFmpeg-devel] [PATCH] libavformat/rtsp.c:fix warning:‘%s’ directive output may be truncated (PR #20443)
PR #20443 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20443
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20443.patch
libavformat/rtsp.c: In function ‘ff_rtsp_make_setup_request’:warning: ‘%s’
directive output may be truncated writing up to 4095 bytes into a region of
size 4085 [-Wformat-truncation=]
note: ‘__builtin___snprintf_chk’ output between 14 and 4109 bytes into a
destination of size 4096
Signed-off-by: caifan3
From a012b3b086113e1a2a6e2ad10de985199d4d8df0 Mon Sep 17 00:00:00 2001
From: caifan3
Date: Fri, 5 Sep 2025 16:19:20 +0800
Subject: [PATCH] =?UTF-8?q?libavformat/rtsp.c:fix=20warning:=E2=80=98%s?=
=?UTF-8?q?=E2=80=99=20directive=20output=20may=20be=20truncated?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
libavformat/rtsp.c: In function ‘ff_rtsp_make_setup_request’:warning: ‘%s’
directive output may be truncated writing up to 4095 bytes into a region of
size 4085 [-Wformat-truncation=]
note: ‘__builtin___snprintf_chk’ output between 14 and 4109 bytes into a
destination of size 4096
Signed-off-by: caifan3
---
libavformat/rtsp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 10355b89b8..507fbcd03d 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1518,7 +1518,7 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const
char *host, int port,
}
for (j = rt->rtp_port_min + port_off, i = 0; i < rt->nb_rtsp_streams; ++i)
{
-char transport[MAX_URL_SIZE];
+char transport[MAX_URL_SIZE - 13];
/*
* WMS serves all UDP data over a single connection, the RTX, which
--
2.49.1
___
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
[FFmpeg-devel] [PATCH] WIP:Fix function file_open,file_read,file_write,file_close,file_seek conflict with Nuttx (PR #20435)
PR #20435 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20435
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20435.patch
>From 9a657b6a0700f22d98d5f7d755e8a103fdc9d288 Mon Sep 17 00:00:00 2001
From: caifan3
Date: Thu, 4 Sep 2025 20:58:24 +0800
Subject: [PATCH 1/2] FFMPEG/libavformat: fix function
file_open,file_read,file_write,file_close,file_seek conflict with nuttx
Signed-off-by: caifan3
---
libavformat/file.c | 42 +-
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/libavformat/file.c b/libavformat/file.c
index 97f5955f93..cca5b52d6c 100644
--- a/libavformat/file.c
+++ b/libavformat/file.c
@@ -138,7 +138,7 @@ static const AVClass fd_class = {
.version= LIBAVUTIL_VERSION_INT,
};
-static int file_read(URLContext *h, unsigned char *buf, int size)
+static int ff_file_read(URLContext *h, unsigned char *buf, int size)
{
FileContext *c = h->priv_data;
int ret;
@@ -151,7 +151,7 @@ static int file_read(URLContext *h, unsigned char *buf, int
size)
return (ret == -1) ? AVERROR(errno) : ret;
}
-static int file_write(URLContext *h, const unsigned char *buf, int size)
+static int ff_file_write(URLContext *h, const unsigned char *buf, int size)
{
FileContext *c = h->priv_data;
int ret;
@@ -220,7 +220,7 @@ static int fd_dup(URLContext *h, int oldfd)
}
#endif
-static int file_close(URLContext *h)
+static int ff_file_close(URLContext *h)
{
FileContext *c = h->priv_data;
int ret = close(c->fd);
@@ -228,7 +228,7 @@ static int file_close(URLContext *h)
}
/* XXX: use llseek */
-static int64_t file_seek(URLContext *h, int64_t pos, int whence)
+static int64_t ff_file_seek(URLContext *h, int64_t pos, int whence)
{
FileContext *c = h->priv_data;
int64_t ret;
@@ -282,7 +282,7 @@ static int file_move(URLContext *h_src, URLContext *h_dst)
return 0;
}
-static int file_open(URLContext *h, const char *filename, int flags)
+static int ff_file_open(URLContext *h, const char *filename, int flags)
{
FileContext *c = h->priv_data;
int access;
@@ -409,11 +409,11 @@ static int file_close_dir(URLContext *h)
const URLProtocol ff_file_protocol = {
.name= "file",
-.url_open= file_open,
-.url_read= file_read,
-.url_write = file_write,
-.url_seek= file_seek,
-.url_close = file_close,
+.url_open= ff_file_open,
+.url_read= ff_file_read,
+.url_write = ff_file_write,
+.url_seek= ff_file_seek,
+.url_close = ff_file_close,
.url_get_file_handle = file_get_handle,
.url_check = file_check,
.url_delete = file_delete,
@@ -463,9 +463,9 @@ static int pipe_open(URLContext *h, const char *filename,
int flags)
const URLProtocol ff_pipe_protocol = {
.name= "pipe",
.url_open= pipe_open,
-.url_read= file_read,
-.url_write = file_write,
-.url_close = file_close,
+.url_read= ff_file_read,
+.url_write = ff_file_write,
+.url_close = ff_file_close,
.url_get_file_handle = file_get_handle,
.url_check = file_check,
.priv_data_size = sizeof(FileContext),
@@ -508,10 +508,10 @@ static int fd_open(URLContext *h, const char *filename,
int flags)
const URLProtocol ff_fd_protocol = {
.name= "fd",
.url_open= fd_open,
-.url_read= file_read,
-.url_write = file_write,
-.url_seek= file_seek,
-.url_close = file_close,
+.url_read= ff_file_read,
+.url_write = ff_file_write,
+.url_seek= ff_file_seek,
+.url_close = ff_file_close,
.url_get_file_handle = file_get_handle,
.url_check = file_check,
.priv_data_size = sizeof(FileContext),
@@ -668,10 +668,10 @@ static const AVClass android_content_class = {
const URLProtocol ff_android_content_protocol = {
.name= "content",
.url_open= android_content_open,
-.url_read= file_read,
-.url_write = file_write,
-.url_seek= file_seek,
-.url_close = file_close,
+.url_read= ff_file_read,
+.url_write = ff_file_write,
+.url_seek= ff_file_seek,
+.url_close = ff_file_close,
.url_get_file_handle = file_get_handle,
.url_check = NULL,
.priv_data_size = sizeof(FileContext),
--
2.49.1
>From 690f9575f619346be11ae1f9cc3e2d07abc197e4 Mon Sep 17 00:00:00 2001
From: caifan3
Date: Thu, 4 Sep 2025 21:03:52 +0800
Subject: [PATCH 2/2] FFMPEG/fftools: fix function
file_open,file_read,file_write,file_close,file_seek conflict with nuttx
Signed-off-by: caifan3
-
[FFmpeg-devel] [PATCH] libavcodec/v4l2_buffers.c:warning: "USEC_PER_SEC" redefined (PR #20430)
PR #20430 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20430
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20430.patch
CC: ffmpeg/libavcodec/v4l2_buffers.c ffmpeg/libavcodec/v4l2_buffers.c:37:
warning: "USEC_PER_SEC" redefined
37 | #define USEC_PER_SEC 100
Signed-off-by: caifan3
>From d8c139cb83848440ae69408eb05f4517a2afd728 Mon Sep 17 00:00:00 2001
From: caifan3
Date: Thu, 4 Sep 2025 17:31:38 +0800
Subject: [PATCH] libavcodec/v4l2_buffers.c:warning: "USEC_PER_SEC" redefined
Signed-off-by: caifan3
---
libavcodec/v4l2_buffers.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/v4l2_buffers.c b/libavcodec/v4l2_buffers.c
index 7f597a424a..d869ce9e77 100644
--- a/libavcodec/v4l2_buffers.c
+++ b/libavcodec/v4l2_buffers.c
@@ -34,7 +34,10 @@
#include "v4l2_buffers.h"
#include "v4l2_m2m.h"
+#ifndef USEC_PER_SEC
#define USEC_PER_SEC 100
+#endif
+
static AVRational v4l2_timebase = { 1, USEC_PER_SEC };
static inline V4L2m2mContext *buf_to_m2mctx(V4L2Buffer *buf)
--
2.49.1
___
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
[FFmpeg-devel] [PATCH] libavformat/vorbiscomment.c:fix warning:‘%03d’directive output may be truncated (PR #20433)
PR #20433 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20433
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20433.patch
libavformat/vorbiscomment.c:103:63: warning: ‘%03d’ directive output may be
truncated writing between 3 and 10 bytes into a region of size 4
[-Wformat-truncation=]
snprintf(chapter_number, sizeof(chapter_number), "%03d", i);
| ^~~~
warning:‘%02d’ directive output may be truncated writing between 2 and 3 bytes
into a region of size between 1 and 7
[-Wformat-truncation=]snprintf(chapter_time, sizeof(chapter_time),
"%02d:%02d:%02d.%03d", h, m, s, ms);
| ^~~~
libavformat/vorbiscomment.c:104:58: note: directive argument in the range [-59,
59]
104 | snprintf(chapter_time, sizeof(chapter_time),
"%02d:%02d:%02d.%03d", h, m, s, ms);
|
^
libavformat/vorbiscomment.c:104:58: note: directive argument in the range
[-999, 999]
In function ‘snprintf’,
inlined from ‘ff_vorbiscomment_write’ at libavformat/vorbiscomment.c:104:13:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:71:10: note:
‘__builtin___snprintf_chk’ output between 13 and 21 bytes into a destination of
size 13
71 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
| ^~~~
72 |__glibc_objsize (__s), __fmt,
|~
73 |__va_arg_pack ());
|~
Signed-off-by: caifan3
From df9bf99804e9954879c8ea55bbcc0d5e17761268 Mon Sep 17 00:00:00 2001
From: caifan3
Date: Thu, 4 Sep 2025 20:14:02 +0800
Subject: [PATCH] =?UTF-8?q?libavformat/vorbiscomment.c:fix=20warning:?=
=?UTF-8?q?=E2=80=98%03d=E2=80=99directive=20output=20may=20be=20truncated?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
libavformat/vorbiscomment.c:103:63: warning: ‘%03d’ directive output may be
truncated writing between 3 and 10 bytes into a region of size 4
[-Wformat-truncation=]
snprintf(chapter_number, sizeof(chapter_number), "%03d", i);
| ^~~~
warning:‘%02d’ directive output may be truncated writing between 2 and 3 bytes
into a region of size between 1 and 7
[-Wformat-truncation=]snprintf(chapter_time, sizeof(chapter_time),
"%02d:%02d:%02d.%03d", h, m, s, ms);
| ^~~~
libavformat/vorbiscomment.c:104:58: note: directive argument in the range [-59,
59]
104 | snprintf(chapter_time, sizeof(chapter_time),
"%02d:%02d:%02d.%03d", h, m, s, ms);
|
^
libavformat/vorbiscomment.c:104:58: note: directive argument in the range
[-999, 999]
In function ‘snprintf’,
inlined from ‘ff_vorbiscomment_write’ at libavformat/vorbiscomment.c:104:13:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:71:10: note:
‘__builtin___snprintf_chk’ output between 13 and 21 bytes into a destination of
size 13
71 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
| ^~~~
72 |__glibc_objsize (__s), __fmt,
|~
73 |__va_arg_pack ());
|~
Signed-off-by: caifan3
---
libavformat/vorbiscomment.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/vorbiscomment.c b/libavformat/vorbiscomment.c
index abe12fd586..fb2ea7eba1 100644
--- a/libavformat/vorbiscomment.c
+++ b/libavformat/vorbiscomment.c
@@ -91,8 +91,8 @@ int ff_vorbiscomment_write(AVIOContext *pb, const
AVDictionary *m,
}
for (int i = 0; i < nb_chapters; i++) {
AVChapter *chp = chapters[i];
-char chapter_time[13];
-char chapter_number[4];
+char chapter_time[22];
+char chapter_number[11];
int h, m, s, ms;
s = av_rescale(chp->start, chp->time_base.num,
chp->time_base.den);
--
2.49.1
___
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
[FFmpeg-devel] [PATCH] fftools/cmdutils: Rename file_read to ff_file_read to avoid symbol conflict (PR #20500)
PR #20500 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20500
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20500.patch
The function name 'file_read' is too generic and may conflict with other
functions in external code or libraries. Prefixing it with 'ff_' aligns
with FFmpeg's naming convention and improves namespace isolation.
Signed-off-by: caifan3
>From 26131ffb5546cfbbe528f4286bc347b35b218e7a Mon Sep 17 00:00:00 2001
From: caifan3
Date: Fri, 12 Sep 2025 14:23:53 +0800
Subject: [PATCH] fftools/cmdutils: Rename file_read to ff_file_read to avoid
symbol conflict
The function name 'file_read' is too generic and may conflict with other
functions in external code or libraries. Prefixing it with 'ff_' aligns
with FFmpeg's naming convention and improves namespace isolation.
Signed-off-by: caifan3
---
fftools/cmdutils.c | 4 ++--
fftools/cmdutils.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
index dc093b0bd3..818bb40438 100644
--- a/fftools/cmdutils.c
+++ b/fftools/cmdutils.c
@@ -263,7 +263,7 @@ static int write_option(void *optctx, const OptionDef *po,
const char *opt,
return AVERROR(EINVAL);
}
-arg_allocated = file_read(arg);
+arg_allocated = ff_file_read(arg);
if (!arg_allocated) {
av_log(NULL, AV_LOG_FATAL,
"Error reading the value for option '%s' from file: %s\n",
@@ -1498,7 +1498,7 @@ double get_rotation(const int32_t *displaymatrix)
}
/* read file contents into a string */
-char *file_read(const char *filename)
+char *ff_file_read(const char *filename)
{
AVIOContext *pb = NULL;
int ret = avio_open(&pb, filename, AVIO_FLAG_READ);
diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h
index ad020f893a..e780999c77 100644
--- a/fftools/cmdutils.h
+++ b/fftools/cmdutils.h
@@ -535,7 +535,7 @@ void *allocate_array_elem(void *array, size_t elem_size,
int *nb_elems);
double get_rotation(const int32_t *displaymatrix);
/* read file contents into a string */
-char *file_read(const char *filename);
+char *ff_file_read(const char *filename);
/* Remove keys in dictionary b from dictionary a */
void remove_avoptions(AVDictionary **a, AVDictionary *b);
--
2.49.1
___
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
[FFmpeg-devel] [PATCH] libavformat/vorbiscomment.c:rm warning ‘%03d’ directive output may be truncated (PR #20366)
PR #20366 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20366
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20366.patch
warning: ‘%03d’ directive output may be truncated writing between 3 and 10
bytes into a region of size 4 [-Wformat-truncation=]
warning: ‘%02d’ directive output may be truncated writing between 2 and 3 bytes
into a region of size between 1 and 7 [-Wformat-truncation=]
Signed-off-by: caifan3
From 08b5aaad4c7ff709c0691c78675a3de681347193 Mon Sep 17 00:00:00 2001
From: caifan3
Date: Fri, 29 Aug 2025 16:21:40 +0800
Subject: [PATCH] =?UTF-8?q?libavformat/vorbiscomment.c:rm=20warning=20?=
=?UTF-8?q?=E2=80=98%03d=E2=80=99=20directive=20output=20may=20be=20trunca?=
=?UTF-8?q?ted?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
warning: ‘%03d’ directive output may be truncated writing between 3 and 10
bytes into a region of size 4 [-Wformat-truncation=]
warning: ‘%02d’ directive output may be truncated writing between 2 and 3 bytes
into a region of size between 1 and 7 [-Wformat-truncation=]
Signed-off-by: caifan3
---
libavformat/vorbiscomment.c | 14 +++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/libavformat/vorbiscomment.c b/libavformat/vorbiscomment.c
index abe12fd586..1fc2066785 100644
--- a/libavformat/vorbiscomment.c
+++ b/libavformat/vorbiscomment.c
@@ -93,15 +93,23 @@ int ff_vorbiscomment_write(AVIOContext *pb, const
AVDictionary *m,
AVChapter *chp = chapters[i];
char chapter_time[13];
char chapter_number[4];
-int h, m, s, ms;
+int h, m, s, ms, ret;
s = av_rescale(chp->start, chp->time_base.num,
chp->time_base.den);
h = s / 3600;
m = (s / 60) % 60;
ms = av_rescale_q(chp->start, chp->time_base, av_make_q( 1,
1000)) % 1000;
s = s % 60;
-snprintf(chapter_number, sizeof(chapter_number), "%03d", i);
-snprintf(chapter_time, sizeof(chapter_time),
"%02d:%02d:%02d.%03d", h, m, s, ms);
+ret = snprintf(chapter_number, sizeof(chapter_number), "%03d", i);
+if (ret < 0 || ret >= sizeof(chapter_number)) {
+av_log(NULL, AV_LOG_ERROR, "Chapter number %d too large to
format\n", i);
+return AVERROR(EINVAL);
+}
+ret = snprintf(chapter_time, sizeof(chapter_time),
"%02d:%02d:%02d.%03d", h, m, s, ms);
+if (ret < 0 || ret >= sizeof(chapter_time)) {
+av_log(NULL, AV_LOG_ERROR, "Chapter time %02d:%02d:%02d.%03d
too large to format\n", h, m, s, ms);
+return AVERROR(EINVAL);
+}
avio_wl32(pb, 10 + 1 + 12);
avio_write(pb, "CHAPTER", 7);
avio_write(pb, chapter_number, 3);
--
2.49.1
___
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
[FFmpeg-devel] [PATCH] libavutil/timecodec: fix potential snprintf truncation in av_timecode_make_string (PR #20859)
PR #20859 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20859
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20859.patch
ensure formatted timecode string fits in AV_TIMECODE_STR_SIZE,
eliminates -Wformat-truncation compiler warning.
Signed-off-by: caifan3
>From 7301d28c814971a60da19c944ba610218ce419ed Mon Sep 17 00:00:00 2001
From: caifan3
Date: Fri, 7 Nov 2025 18:27:40 +0800
Subject: [PATCH] libavutil/timecodec: fix potential snprintf truncation in
av_timecode_make_string
ensure formatted timecode string fits in AV_TIMECODE_STR_SIZE,
eliminates -Wformat-truncation compiler warning.
Signed-off-by: caifan3
---
libavutil/timecode.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/libavutil/timecode.c b/libavutil/timecode.c
index bca16b6ac2..2a2bf6ddf1 100644
--- a/libavutil/timecode.c
+++ b/libavutil/timecode.c
@@ -32,6 +32,7 @@
#include "timecode_internal.h"
#include "log.h"
#include "error.h"
+#include "libavutil/avassert.h"
int av_timecode_adjust_ntsc_framenum2(int framenum, int fps)
{
@@ -105,7 +106,7 @@ char *av_timecode_make_string(const AVTimecode *tc, char
*buf, int framenum_arg)
{
int fps = tc->fps;
int drop = tc->flags & AV_TIMECODE_FLAG_DROPFRAME;
-int hh, mm, ss, ff, ff_len, neg = 0;
+int hh, mm, ss, ff, ff_len, len, neg = 0;
int64_t framenum = framenum_arg;
framenum += tc->start;
@@ -122,9 +123,10 @@ char *av_timecode_make_string(const AVTimecode *tc, char
*buf, int framenum_arg)
if (tc->flags & AV_TIMECODE_FLAG_24HOURSMAX)
hh = hh % 24;
ff_len = fps > 1 ? 5 : fps > 1000 ? 4 : fps > 100 ? 3 : fps > 10 ? 2 :
1;
-snprintf(buf, AV_TIMECODE_STR_SIZE, "%s%02d:%02d:%02d%c%0*d",
- neg ? "-" : "",
- hh, mm, ss, drop ? ';' : ':', ff_len, ff);
+len = snprintf(buf, AV_TIMECODE_STR_SIZE, "%s%02d:%02d:%02d%c%0*d",
+ neg ? "-" : "",
+ hh, mm, ss, drop ? ';' : ':', ff_len, ff);
+av_assert0(len >= 0 && len < sizeof(buf));
return buf;
}
--
2.49.1
___
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
[FFmpeg-devel] [PATCH] libavformat/vorbiscomment: fix potential buffer truncation (PR #20858)
PR #20858 opened by caifan URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20858 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20858.patch add av_assert0() for chapter_time and chapter_number, ensure buffer size is sufficient to hold formatted strings, eliminate -Wformat-truncation warning. Signed-off-by: caifan3 >From c2b190a950d22693a890b16ef8ec23f0d5078723 Mon Sep 17 00:00:00 2001 From: caifan3 Date: Fri, 7 Nov 2025 17:48:09 +0800 Subject: [PATCH] libavformat/vorbiscomment: fix potential buffer truncation add av_assert0() for chapter_time and chapter_number, ensure buffer size is sufficient to hold formatted strings, eliminate -Wformat-truncation warning. Signed-off-by: caifan3 --- libavformat/vorbiscomment.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavformat/vorbiscomment.c b/libavformat/vorbiscomment.c index abe12fd586..9a755d8704 100644 --- a/libavformat/vorbiscomment.c +++ b/libavformat/vorbiscomment.c @@ -24,6 +24,7 @@ #include "metadata.h" #include "vorbiscomment.h" #include "libavutil/dict.h" +#include "libavutil/avassert.h" /** * VorbisComment metadata conversion mapping. @@ -100,8 +101,10 @@ int ff_vorbiscomment_write(AVIOContext *pb, const AVDictionary *m, m = (s / 60) % 60; ms = av_rescale_q(chp->start, chp->time_base, av_make_q( 1, 1000)) % 1000; s = s % 60; -snprintf(chapter_number, sizeof(chapter_number), "%03d", i); -snprintf(chapter_time, sizeof(chapter_time), "%02d:%02d:%02d.%03d", h, m, s, ms); +int len_num = snprintf(chapter_number, sizeof(chapter_number), "%03d", i); +av_assert0(len_num >= 0 && len_num < sizeof(chapter_number)); +int len_time = snprintf(chapter_time, sizeof(chapter_time), "%02d:%02d:%02d.%03d", h, m, s, ms); +av_assert0(len_time >= 0 && len_time < sizeof(chapter_time)); avio_wl32(pb, 10 + 1 + 12); avio_write(pb, "CHAPTER", 7); avio_write(pb, chapter_number, 3); -- 2.49.1 ___ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
[FFmpeg-devel] [PATCH] libavformat/rtsp: fix potential buffer truncation in ff_rtsp_make_setup_request (PR #20857)
PR #20857 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20857
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20857.patch
GCC with -Wformat-truncation warns that writing the transport string with
snprintf may result in truncation, as up to 4095 bytes from '%s'
are written into a buffer with only 4085 bytes available (after accounting for
"Transport: " and "\r\n").
Signed-off-by: caifan3
>From 2ae2910d2d55ca6a8f8145fc3160589d02415801 Mon Sep 17 00:00:00 2001
From: caifan3
Date: Fri, 7 Nov 2025 16:39:56 +0800
Subject: [PATCH] libavformat/rtsp: fix potential buffer truncation in
ff_rtsp_make_setup_request
GCC with -Wformat-truncation warns that writing the transport string with
snprintf may result in truncation, as up to 4095 bytes from '%s'
are written into a buffer with only 4085 bytes available (after accounting for
"Transport: " and "\r\n").
Signed-off-by: caifan3
---
libavformat/rtsp.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index e8f44e571a..5742aecce1 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1499,7 +1499,7 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const
char *host, int port,
int lower_transport, const char *real_challenge)
{
RTSPState *rt = s->priv_data;
-int rtx = 0, j, i, err, interleave = 0, port_off = 0;
+int rtx = 0, j, i, err, len, interleave = 0, port_off = 0;
RTSPStream *rtsp_st;
RTSPMessageHeader reply1, *reply = &reply1;
char cmd[MAX_URL_SIZE];
@@ -1631,9 +1631,10 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const
char *host, int port,
} else if (rt->server_type == RTSP_SERVER_REAL ||
rt->server_type == RTSP_SERVER_WMS)
av_strlcat(transport, ";mode=play", sizeof(transport));
-snprintf(cmd, sizeof(cmd),
- "Transport: %s\r\n",
- transport);
+len = snprintf(cmd, sizeof(cmd),
+ "Transport: %s\r\n",
+ transport);
+av_assert0(len >= 0 && len < sizeof(cmd));
if (rt->accept_dynamic_rate)
av_strlcat(cmd, "x-Dynamic-Rate: 0\r\n", sizeof(cmd));
if (CONFIG_RTPDEC && i == 0 && rt->server_type == RTSP_SERVER_REAL) {
--
2.49.1
___
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
