On Tue, Apr 28, 2015 at 07:43:51AM +0000, Gupta, Maneesh wrote: > > -----Original Message----- > > From: ffmpeg-devel-boun...@ffmpeg.org [mailto:ffmpeg-devel- > > boun...@ffmpeg.org] On Behalf Of Michael Niedermayer > > Sent: Monday, April 27, 2015 4:49 PM > > To: FFmpeg development discussions and patches > > Subject: Re: [FFmpeg-devel] [PATCH 2/2] OpenCL: Avoid potential buffer > > overflow in cmdutils_opencl.c by using strncpy instead of strcpy > > > > On Mon, Apr 27, 2015 at 07:51:36AM +0000, Gupta, Maneesh wrote: > > > Hi, > > > > > > There was a potential buffer overflow during a strcpy operation in > > cmdutils_opencl.c. This patch attempts to fix the same. > > > > > > Regards, > > > Maneesh > > > > > cmdutils_opencl.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > b6d9e0b4f9efc1d0ae9d3f05b7802c81007999d7 > > > 0002-OpenCL-Replace-strcpy-with-strncpy-to-avoid-buffer-o.patch > > > From 026f4de0628c3e7e0211ee0f6c96e816ff757cd1 Mon Sep 17 00:00:00 > > 2001 > > > From: Maneesh Gupta <maneesh.gu...@amd.com> > > > Date: Sat, 25 Apr 2015 11:17:05 +0530 > > > Subject: [PATCH 2/2] OpenCL: Replace strcpy with strncpy to avoid > > > buffer overflows > > > > > > Signed-off-by: Maneesh Gupta <maneesh.gu...@amd.com> > > > --- > > > cmdutils_opencl.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/cmdutils_opencl.c b/cmdutils_opencl.c index > > > 3dfd156..73cab98 100644 > > > --- a/cmdutils_opencl.c > > > +++ b/cmdutils_opencl.c > > > @@ -238,7 +238,7 @@ int opt_opencl_bench(void *optctx, const char > > *opt, const char *arg) > > > devices[count].platform_idx = i; > > > devices[count].device_idx = j; > > > devices[count].runtime = score; > > > - strcpy(devices[count].device_name, device_node- > > >device_name); > > > + strncpy(devices[count].device_name, > > > + device_node->device_name, 64); > > this should be > > sizeof(devices[count].device_name) > > and av_strlcpy() > > > [Gupta, Maneesh] Attached is the updated patch.
> cmdutils_opencl.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > 9c380e0317410e70fbce79829cf65ab8c3feb98f > 0002-OpenCL-Avoid-potential-buffer-overflow-in-cmdutils_o.patch > From cf74c6938e60ebbf4eaaf8313128ee564bbc9dcf Mon Sep 17 00:00:00 2001 > From: Maneesh Gupta <maneesh.gu...@amd.com> > Date: Tue, 28 Apr 2015 13:08:31 +0530 > Subject: [PATCH 2/2] OpenCL: Avoid potential buffer overflow in > cmdutils_opencl.c > > The opt_opencl_bench function copied the device name using strcpy without > checking if the source string was larger. This patch fixes this by replacing > the strcpy with av_strlcpy, with the string copy size capped to the > destination buffer size. > > Signed-off-by: Maneesh Gupta <maneesh.gu...@amd.com> applied thanks [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I do not agree with what you have to say, but I'll defend to the death your right to say it. -- Voltaire
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
