> On 25 Feb 2021, at 07:38, Guo, Yejun <yejun....@intel.com> wrote: > --- a/libavformat/smoothstreamingenc.c > +++ b/libavformat/smoothstreamingenc.c > @@ -501,7 +501,7 @@ static int ism_flush(AVFormatContext *s, int final) > > for (i = 0; i < s->nb_streams; i++) { > OutputStream *os = &c->streams[i]; > - char filename[1024], target_filename[1024], header_filename[1024], > curr_dirname[1024]; > + char filename[2048], target_filename[2048], header_filename[2048], > curr_dirname[1024]; > int64_t size; > int64_t start_ts, duration, moof_size; > if (!os->packets_written)
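Review bot: the declaration at the top of the loop body in ism_flush() keeps fixed-size path buffers, so the length limit only moves: filename, target_filename and header_filename go from 1024 to 2048 bytes while curr_dirname stays at 1024, and the four arrays now take 7168 bytes of stack on every call. A path longer than the new size still does not fit, and a name derived from curr_dirname can now be shorter than the buffers it feeds. Consider building these strings on the heap at their real length (for example with av_asprintf, freed on every exit path of the loop body). If the arrays stay, the code that fills them should detect truncation and return an error rather than continue with a cut-off name.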
IMO some of these allocations are getting a bit too large for the stack (multi-page stack allocations weaken security measures even if the large arrays themselves do not overflow). And no matter what size you put, there’s always a larger filename possible where it breaks, so it feels like just warning polishing with marginal real benefit.

Why not use av_asprintf, then at least the problem is actually solved for real?

I don’t see that this code is performance relevant, so the only reason to put these onto stack is being too lazy to do the memory management, which I think is a fairly weak argument.

Best regards,
Reimar
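The trade-off raised in this reply, as an added example that is not part of the original mail or of FFmpeg's code: fmt_fixed() formats into a caller-supplied buffer and reports truncation, while fmt_alloc() sizes a heap string to the content. fmt_alloc() is a hypothetical portable stand-in for av_asprintf, and make_dir() and the file names are constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for av_asprintf(): measure, allocate, format.
 * Returns a heap string the caller frees, or NULL on failure. */
static char *fmt_alloc(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(NULL, 0, fmt, ap);  /* length without the NUL */
    va_end(ap);
    if (len < 0)
        return NULL;
    char *out = malloc((size_t)len + 1);
    if (!out)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(out, (size_t)len + 1, fmt, ap);
    va_end(ap);
    return out;
}

/* Fixed-buffer variant: 0 on success, -1 if the path did not fit. */
static int fmt_fixed(char *buf, size_t size, const char *dir, const char *name)
{
    int n = snprintf(buf, size, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Constructed input: a directory name made of `len` 'd' characters. */
static char *make_dir(size_t len)
{
    char *d = calloc(len + 1, 1);
    return d ? memset(d, 'd', len) : NULL;
}

int main(void)
{
    char buf[2048], *dir = make_dir(3000), *path;
    if (!dir) return 1;
    path = fmt_alloc("%s/%s", dir, "frag.tmp");
    printf("fixed: %d, heap: %zu bytes\n",
           fmt_fixed(buf, sizeof(buf), dir, "frag.tmp"), path ? strlen(path) : 0);
    free(path);
    free(dir);
    return 0;
}
```

With a 3000-character directory the 2048-byte buffer reports truncation, while the heap string holds the full path and costs one free() per use.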