[FFmpeg-devel] [PATCH] lavu: add av_bprintf and related.
Nicolas George
nicolas.george at normalesup.org
Sun Mar 11 23:59:30 CET 2012
On duodi 22 Ventôse, year CCXX, Stefano Sabatini wrote:
> So why not:
> add = FFMIN(add, room-1);
> ?
> What I'm concerned about is that you can have len expressing a value
> different from strlen(buf.str).
The reason for that is in the doc, you may have missed it and it may need to
be made more visible:
* The length of the string can go beyond the allocated size: the buffer is
* then truncated, but the functions still keep account of the actual total
* length.
In other words, if you write a 6k text in a buffer limited to 4k,
strlen(buf.str) will be 4k (minus the terminating NUL) while buf.len will be
6k. It will usually not be of much use, but sometimes it will; and it is the
main relevant information if size_max=0.
> Of course but these are the kind of limit situations which are looked
> after for exploitations.
Exactly. And now that I look into it, I realize that the string may not be
NUL-terminated at the expected place if the FFMIN(UINT_MAX-5) kicks in. I
have made a note to fix that.
Regards,
--
Nicolas George
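
An added example, not code from this thread or from FFmpeg: a small C buffer with the semantics discussed above, where the logical length keeps counting past the truncated storage and the terminator is always written at the stored end. The names `tbuf`, `tbuf_append` and `tbuf_stored`, the 16-byte capacity and the saturation at `UINT_MAX` are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical truncating buffer for illustration; not FFmpeg's AVBPrint. */
typedef struct {
    char     str[16]; /* stored text: truncated, always NUL-terminated */
    unsigned len;     /* total length requested so far; may exceed storage */
} tbuf;

static void tbuf_init(tbuf *b) { b->str[0] = '\0'; b->len = 0; }

/* Number of bytes really held in str: len clamped to capacity minus the NUL. */
static unsigned tbuf_stored(const tbuf *b)
{
    unsigned cap = (unsigned)sizeof(b->str) - 1;
    return b->len < cap ? b->len : cap;
}

static void tbuf_append(tbuf *b, const char *s)
{
    size_t   n      = strlen(s);
    unsigned stored = tbuf_stored(b);
    unsigned room   = (unsigned)sizeof(b->str) - 1 - stored;
    unsigned copy   = n < room ? (unsigned)n : room;

    memcpy(b->str + stored, s, copy);
    b->str[stored + copy] = '\0'; /* terminate at the stored end, never at len */
    /* Saturate instead of wrapping, so len can never look small again. */
    b->len = n > UINT_MAX - b->len ? UINT_MAX : b->len + (unsigned)n;
}

int main(void)
{
    tbuf b;
    tbuf_init(&b);
    tbuf_append(&b, "0123456789");
    tbuf_append(&b, "abcdefghij"); /* constructed input: 20 bytes into 15 */
    printf("str=\"%s\" strlen=%zu len=%u stored=%u\n",
           b.str, strlen(b.str), b.len, tbuf_stored(&b));
    return 0;
}
```

A consumer that indexes `str` has to use the clamped value, because `len` alone says how much was requested, not how much is stored.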