[FFmpeg-devel] [PATCH 1/4] avfilter/af_pan: Fix sscanf() use
Nicolas George
george at nsup.org
Tue Jan 7 11:52:17 EET 2025
Michael Niedermayer (12025-01-07):
> Fixes: Memory Data Leak
>
> Found-by: Simcha Kosman <simcha.kosman at cyberark.com>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavfilter/af_pan.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
> index 0d20b0307b3..3a11a7d324f 100644
> --- a/libavfilter/af_pan.c
> +++ b/libavfilter/af_pan.c
> @@ -196,7 +196,7 @@ static av_cold int init(AVFilterContext *ctx)
> sign = 1;
> while (1) {
> gain = 1;
> - if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
> + if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) == 1)
IIRC, there are implementations out there that do not respect the
specification that %n does not increment the conversion count returned
by the function. I suppose the issue was a negative return value? If so,
please use >= 1 instead of == 1.
> arg += len;
> if (parse_channel_name(&arg, &in_ch_id, &named)){
> av_log(ctx, AV_LOG_ERROR,
Regards,
--
Nicolas George
More information about the ffmpeg-devel
mailing list