[FFmpeg-devel] [PATCH 2/2] OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c by using strncpy instead of strcpy

Michael Niedermayer michaelni at gmx.at
Tue Apr 28 12:26:51 CEST 2015


On Tue, Apr 28, 2015 at 07:43:51AM +0000, Gupta, Maneesh wrote:
> > -----Original Message-----
> > From: ffmpeg-devel-bounces at ffmpeg.org [mailto:ffmpeg-devel-
> > bounces at ffmpeg.org] On Behalf Of Michael Niedermayer
> > Sent: Monday, April 27, 2015 4:49 PM
> > To: FFmpeg development discussions and patches
> > Subject: Re: [FFmpeg-devel] [PATCH 2/2] OpenCL: Avoid potential buffer
> > overflow in cmdutils_opencl.c by using strncpy instead of strcpy
> > 
> > On Mon, Apr 27, 2015 at 07:51:36AM +0000, Gupta, Maneesh wrote:
> > > Hi,
> > >
> > > There was a potential buffer overflow during a strcpy operation in
> > cmdutils_opencl.c. This patch attempts to fix the same.
> > >
> > > Regards,
> > > Maneesh
> > 
> > >  cmdutils_opencl.c |    2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > b6d9e0b4f9efc1d0ae9d3f05b7802c81007999d7
> > > 0002-OpenCL-Replace-strcpy-with-strncpy-to-avoid-buffer-o.patch
> > > From 026f4de0628c3e7e0211ee0f6c96e816ff757cd1 Mon Sep 17 00:00:00
> > 2001
> > > From: Maneesh Gupta <maneesh.gupta at amd.com>
> > > Date: Sat, 25 Apr 2015 11:17:05 +0530
> > > Subject: [PATCH 2/2] OpenCL: Replace strcpy with strncpy to avoid
> > > buffer  overflows
> > >
> > > Signed-off-by: Maneesh Gupta <maneesh.gupta at amd.com>
> > > ---
> > >  cmdutils_opencl.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/cmdutils_opencl.c b/cmdutils_opencl.c index
> > > 3dfd156..73cab98 100644
> > > --- a/cmdutils_opencl.c
> > > +++ b/cmdutils_opencl.c
> > > @@ -238,7 +238,7 @@ int opt_opencl_bench(void *optctx, const char
> > *opt, const char *arg)
> > >                  devices[count].platform_idx = i;
> > >                  devices[count].device_idx = j;
> > >                  devices[count].runtime = score;
> > > -                strcpy(devices[count].device_name, device_node-
> > >device_name);
> > > +                strncpy(devices[count].device_name,
> > > + device_node->device_name, 64);
> > this should be
> > sizeof(devices[count].device_name)
> > and av_strlcpy()
> > 
> [Gupta, Maneesh] Attached is the updated patch.

>  cmdutils_opencl.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 9c380e0317410e70fbce79829cf65ab8c3feb98f  0002-OpenCL-Avoid-potential-buffer-overflow-in-cmdutils_o.patch
> From cf74c6938e60ebbf4eaaf8313128ee564bbc9dcf Mon Sep 17 00:00:00 2001
> From: Maneesh Gupta <maneesh.gupta at amd.com>
> Date: Tue, 28 Apr 2015 13:08:31 +0530
> Subject: [PATCH 2/2] OpenCL: Avoid potential buffer overflow in
>  cmdutils_opencl.c
> 
> The opt_opencl_bench function copied the device name using strcpy without checking if the source string was larger. This patch fixes this by replacing the strcpy with av_strlcpy, with the string copy size capped to the destination buffer size.
> 
> Signed-off-by: Maneesh Gupta <maneesh.gupta at amd.com>

applied

thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150428/6c4fd12b/attachment.asc>


More information about the ffmpeg-devel mailing list