> On 27 Feb 2021, at 06:37, Guo, Yejun <[email protected]> wrote:
> 
> 
>> -----Original Message-----
>> From: ffmpeg-devel <[email protected]> On Behalf Of Reimar Döffinger
>>> 
> 
> For the code in this function, the max length of the file name is fixed; see the code
> below.
> Anyway, it still increases the on-stack variable size, which might have a
> potential security issue.
> 
>        snprintf(device_name, sizeof(device_name), "/dev/%s", entry->d_name);
> 
> 'man readdir' shows:
>           struct dirent {
>               ino_t          d_ino;       /* Inode number */
>               off_t          d_off;       /* Not an offset; see below */
>               unsigned short d_reclen;    /* Length of this record */
>               unsigned char  d_type;      /* Type of file; not supported
>                                              by all filesystem types */
>               char           d_name[256]; /* Null-terminated filename */
>           };

The size is not standardised.
E.g. the OSX manpage has:
     struct dirent { /* when _DARWIN_FEATURE_64_BIT_INODE is defined */
             ino_t      d_fileno;     /* file number of entry */
             __uint64_t d_seekoff;    /* seek offset (optional, used by servers) */
             __uint16_t d_reclen;     /* length of this record */
             __uint16_t d_namlen;     /* length of string in d_name */
             __uint8_t  d_type;       /* file type, see below */
             char    d_name[1024];    /* name must be no longer than this */
     };

_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".
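An added example, not code from this thread or from FFmpeg: since the size of `d_name` differs between platforms, a fixed `/dev/%s` buffer should check the `snprintf` return value for truncation, or be sized from the actual name length. The helper names, the buffer size and the sample names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size for this example: "/dev/" + a 255-byte name + NUL, i.e. a
 * buffer derived from the Linux man page's d_name[256]. */
#define DEV_PATH_MAX (5 + 255 + 1)

/* Hypothetical helper: format "/dev/<name>" into a fixed buffer.
 * Returns 0 on success, -1 if the result did not fit or formatting failed.
 * On truncation the buffer still holds a NUL-terminated prefix. */
static int dev_path_fixed(char *out, size_t outsz, const char *name)
{
    int n = snprintf(out, outsz, "/dev/%s", name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/* Hypothetical helper: size the buffer from the real name length, so it does
 * not depend on any platform's d_name size. Caller frees the result. */
static char *dev_path_alloc(const char *name)
{
    size_t len = strlen("/dev/") + strlen(name) + 1;
    char *p = malloc(len);
    if (p)
        snprintf(p, len, "/dev/%s", name);
    return p;
}

int main(void)
{
    char long_name[1024];      /* constructed: longest name d_name[1024] allows */
    char path[DEV_PATH_MAX];

    memset(long_name, 'a', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';

    /* "video0" is a constructed sample name. */
    printf("short name: %d\n", dev_path_fixed(path, sizeof(path), "video0"));
    printf("long name:  %d\n", dev_path_fixed(path, sizeof(path), long_name));

    char *p = dev_path_alloc(long_name);
    if (p) {
        printf("allocated path length: %zu\n", strlen(p));
        free(p);
    }
    return 0;
}
```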
