ref: 372b2e44049f355c52c13d75112db9f14d0ae4f7
parent: 00adf5c33e051fcb97b91d4a530efe59fe0eb14a
author: LoRd_MuldeR <[email protected]>
date: Sat Dec 16 14:47:46 EST 2017
Fixed possible buffer overflow. Buffer 'percents' was statically allocated with fixed size, but a string of *unbounded* size (because it contains a user-supplied the file name) was written into that buffer via sprintf().
--- a/frontend/main.c
+++ b/frontend/main.c
@@ -70,6 +70,7 @@
#define MAX_CHANNELS 6 /* make this higher to support files with
more channels */
+#define MAX_PERCENTS 384
static int quiet = 0;
@@ -469,7 +470,7 @@
NeAACDecFrameInfo frameInfo;
NeAACDecConfigurationPtr config;
- char percents[200];
+ char percents[MAX_PERCENTS];
int percent, old_percent = -1;
int bread, fileread;
int header_type = 0;
@@ -734,7 +735,7 @@
if (percent > old_percent)
{
old_percent = percent;
- sprintf(percents, "%d%% decoding %s.", percent, aacfile);
+ snprintf(percents, MAX_PERCENTS, "%d%% decoding %s.", percent, aacfile);
faad_fprintf(stderr, "%s\r", percents);
#ifdef _WIN32
SetConsoleTitle(percents);
@@ -802,7 +803,7 @@
NeAACDecFrameInfo frameInfo;
mp4AudioSpecificConfig mp4ASC;
- char percents[200];
+ char percents[MAX_PERCENTS];
int percent, old_percent = -1;
int first_time = 1;
@@ -979,7 +980,7 @@
if (percent > old_percent)
{
old_percent = percent;
- sprintf(percents, "%d%% decoding %s.", percent, mp4file);
+ snprintf(percents, MAX_PERCENTS, "%d%% decoding %s.", percent, mp4file);
faad_fprintf(stderr, "%s\r", percents);
#ifdef _WIN32
SetConsoleTitle(percents);