[FFmpeg-devel] [PATCH 1/2] libavutil/libavfilter: add opencl wrapper to ffmpeg
Michael Niedermayer
michaelni at gmx.at
Sun Mar 24 20:08:45 CET 2013
On Sun, Mar 24, 2013 at 08:00:46PM +0100, Michael Niedermayer wrote:
> On Sun, Mar 24, 2013 at 06:40:27PM +0100, Stefano Sabatini wrote:
> > On date Sunday 2013-03-24 19:55:00 +0800, Wei Gao encoded:
> > >
> >
> > > From ab91c74fa166f557eadb39ab399d7ba667b91340 Mon Sep 17 00:00:00 2001
> > > From: highgod0401 <highgod0401 at gmail.com>
> > > Date: Sun, 24 Mar 2013 19:20:16 +0800
> > > Subject: [PATCH 1/2] add opencl wrapper to ffmpeg
> [...]
>
> > > +static int access_binaries(cl_device_id *device_ids, int numdevices, const char *cl_file_name, FILE **fhandle,
> > > + size_t *binarysizes, char **binaries, int write)
> > > +{
> > > + FILE *fd = NULL;
> > > + int status;
> > > + char filename[1024] = {0};
> > > + char cl_name[1024] = {0};
> > > + char devicename[1024] = {0};
> > > + int i;
> > > + for (i = 0; i < numdevices; i++) {
> > > + if (device_ids[i] != 0) {
> > > + status = clGetDeviceInfo(device_ids[i],
> > > + CL_DEVICE_NAME,
> > > + sizeof(devicename),
> > > + devicename,
> > > + NULL);
> > > + if (status == CL_SUCCESS) {
> > > + av_strlcpy(cl_name,cl_file_name,sizeof(cl_name));
> > > + snprintf(filename, sizeof(filename),"./%s-%s.bin", cl_name, devicename);
>
> [...]
>
> > > + if (binarysizes[i] != 0) {
> > > + output = fopen(filename, "wb");
>
> [...]
>
> > > + }
> > > + fwrite(binaries[i], sizeof(char), binarysizes[i], output);
>
> theres no gurantee that you have write permission in the current
> directory or in any directory.
> Also its not nice from a library to drop files in the current
> directory unrequested
also, while i didnt read the whole file read/write code it appears
to me that files are read and executed from the current directory
this is not safe, someone could have placed a mallicious file there
[..]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130324/73c76017/attachment.asc>
More information about the ffmpeg-devel
mailing list