mirror/mpv
0
0
Fork 0
mirror of https://github.com/mpv-player/mpv.git synced 2024-09-20 12:02:23 +02:00
Code
d0c530919d
mpv/demux
History
Avi Halachmi (:avih) d0c530919d demux_mf: improve format string processing 
Before this commit, the user could specify a printf format string
which wasn't verified, and could result in:
- Undefined behavior due to missing or non-matching arguments.
- Buffer overflow due to untested result length.

The offending code was added at commit 103a9609 (2002, mplayer svn):
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@4566 b3059339-0415-0410-9bf9-f77b7e298cf2

It moved around but was not modified meaningfully until now.

Now we reject all conversion specifiers at the format except %%
and a simple subset of the valid specifiers. Also, we now use
snprintf to avoid buffer overflow.

The format string is provided by the user as part of mf:// URI.

Report and initial patch by Stefan Schiller.
Patch reviewed by @jeeb, @sfan5, Stefan Schiller.
2021-04-05 18:24:55 +03:00
..
cache.c options: change option macros and all option declarations 2020-03-18 19:52:01 +01:00
cache.h demux: add a on-disk cache 2019-09-19 20:37:05 +02:00
codec_tags.c Remove remains of Libav compatibility 2020-02-16 15:14:55 +01:00
codec_tags.h Relicense some non-MPlayer source files to LGPL 2.1 or later 2016-01-19 18:36:06 +01:00
cue.c cue: tolerate NBSP as whitespace 2020-02-03 19:13:44 +01:00
cue.h Relicense some non-MPlayer source files to LGPL 2.1 or later 2016-01-19 18:36:06 +01:00
demux_cue.c options: change option macros and all option declarations 2020-03-18 19:52:01 +01:00
demux_disc.c stream, demux: redo origin policy thing 2019-12-20 13:00:39 +01:00
demux_edl.c ytdl_hook, edl: add fps, samplerate codec parameters 2020-02-21 14:48:23 +01:00
demux_lavf.c demux_lavf: initialize ReplayGain data 2020-10-23 14:22:57 +02:00
demux_libarchive.c stream_libarchive: remember archive headers from initial open 2020-04-28 22:13:03 -07:00
demux_mf.c demux_mf: improve format string processing 2021-04-05 18:24:55 +03:00
demux_mkv_timeline.c demux_mkv: warn against some other aspects of mismatching codec data 2020-08-16 01:00:29 +02:00
demux_mkv.c demux_mkv: add png intra support 2020-04-16 00:03:26 +02:00
demux_null.c demux_null: mark as seekable 2018-01-06 14:42:22 -08:00
demux_playlist.c playlist: change from linked list to an array 2019-12-28 21:32:15 +01:00
demux_raw.c options: cleanup .min use for OPT_CHANNELS 2020-04-09 11:27:38 +02:00
demux_timeline.c demux_timeline: fix bad EOF reporting 2020-02-28 00:08:36 +01:00
demux.c demux: Move demuxer help to new standard mechanism 2021-03-28 19:46:32 +03:00
demux.h demux: Move demuxer help to new standard mechanism 2021-03-28 19:46:32 +03:00
ebml.c build: change filenames of generated files 2020-06-04 16:59:05 +02:00
ebml.h build: change filenames of generated files 2020-06-04 16:59:05 +02:00
matroska.h ebml, matroska.h: change license to LGPL 2017-04-21 13:34:10 +02:00
packet.c Remove remains of Libav compatibility 2020-02-16 15:14:55 +01:00
packet.h demux: add a on-disk cache 2019-09-19 20:37:05 +02:00
stheader.h video, demux: rip out unused spherical metadata code 2019-10-17 22:49:26 +02:00
timeline.c stream, demux: redo origin policy thing 2019-12-20 13:00:39 +01:00
timeline.h edl: make it possible to delay-load files with multiple tracks 2020-02-21 00:19:17 +01:00