shithub: openh264


ref: e42e82aa1f016cbd0b27c21157548d11e6010ae0
parent: 33fe2b5883ce776e7c4fec88a049531d7785e491
author: Martin Storsjö <[email protected]>
date: Sun Jan 26 09:33:08 EST 2014

Make WelsVsprintf use vsnprintf, to check the buffer size

Otherwise builds on platforms other than MSVC might be
insecure.

Use vsnprintf_s with the _TRUNCATE flag instead of vsprintf_s
when using MSVC - this truncates the buffer instead of aborting
the whole process in case it's too small.

--- a/codec/common/crt_util_safe_x.cpp
+++ b/codec/common/crt_util_safe_x.cpp
@@ -88,7 +88,7 @@
 }
 
 int32_t WelsVsprintf (str_t* pBuffer, int32_t iSizeOfBuffer, const str_t* kpFormat, va_list pArgPtr) {
-  return vsprintf_s (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr);
+  return vsnprintf_s (pBuffer, iSizeOfBuffer, _TRUNCATE, kpFormat, pArgPtr);
 }
 
 WelsFileHandle* WelsFopen (const str_t* kpFilename,  const str_t* kpMode) {
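Review bot: The return value on truncation now differs between branches: `vsnprintf_s` with `_TRUNCATE` returns -1 here, while the `vsnprintf` calls in the hunks at lines 142 and 210 return the length the full output would have needed, which can be equal to or larger than `iSizeOfBuffer`. A caller that treats the result as the number of characters written, for instance to index or advance into `pBuffer`, would step past the buffer on those builds; no callers are visible in this diff, so they need checking. I would document the contract above the function, e.g. `// Returns the number of characters written, or a negative value if the output did not fit`, and normalise the other two branches to match with `int32_t iRet = vsnprintf (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr);` followed by `return (iRet < 0 || iRet >= iSizeOfBuffer) ? -1 : iRet;`.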
@@ -142,7 +142,7 @@
 }
 
 int32_t WelsVsprintf (str_t* pBuffer, int32_t iSizeOfBuffer, const str_t* kpFormat, va_list pArgPtr) {
-  return vsprintf (pBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
+  return vsnprintf (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
 }
 
 
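Review bot: `iSizeOfBuffer` is a signed `int32_t` passed where `vsnprintf` takes a `size_t`, so a negative value from a caller converts to a very large bound and the size check this commit adds is lost; the same applies to the hunk at line 210. A guard before the call, `if (pBuffer == NULL || iSizeOfBuffer <= 0) return -1;`, keeps the bound meaningful. The trailing `//confirmed_safe_unsafe_usage` marker was carried over from the unbounded `vsprintf` line and no longer describes the call in either hunk, so it should be dropped or reworded so a later audit doesn't rely on it.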
@@ -210,7 +210,7 @@
 #endif
 
 int32_t WelsVsprintf (str_t* pBuffer, int32_t iSizeOfBuffer, const str_t* kpFormat, va_list pArgPtr) {
-  return vsprintf (pBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
+  return vsnprintf (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
 }
 
 WelsFileHandle* WelsFopen (const str_t* kpFilename,  const str_t* kpMode) {