linux-v4l2: added range check for try_connect()

While the current code only ever calls try_connect() with the input
argument 'device' in the range of 0 and MAX_DEVICES, this adds a check
to ensure that future code does not break the following sprintf.

In addition, use snprintf instead of sprintf to ensure that if anything
breaks, the sprintf does not lead to memory corruption. Again, the new
check should already make sure of that, but the additional effort of
using snprintf instead of sprintf is so low that it is worth having a
little more security in the future.
Frank Löffler 4 years ago
parent
commit
8f3d4b6758
1 changed file with 3 additions and 1 deletion
+ 3 - 1
plugins/linux-v4l2/v4l2-output.c

@@ -93,7 +93,9 @@ static bool try_connect(void *data, int device)
 	vcam->frame_size = width * height * 2;
 
 	char new_device[16];
-	sprintf(new_device, "/dev/video%d", device);
+	if (device < 0 || device >= MAX_DEVICES)
+		return false;
+	snprintf(new_device, 16, "/dev/video%d", device);
 
 	vcam->device = open(new_device, O_RDWR);
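
Review bot: the added snprintf call passes the literal 16 as its size, repeating the length from `char new_device[16];` two lines above; `sizeof(new_device)` would keep the bound tied to the buffer if the declaration ever changes. The range check also comes after `vcam->frame_size` has been assigned, so an out-of-range `device` returns false with vcam already partly updated; moving the check to the top of try_connect() would avoid that. The 16-byte buffer fits "/dev/video" plus at most five digits and the terminator, so a short comment relating MAX_DEVICES to that size would make the assumption behind the check explicit.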