Bug 739846 - opencv-example: Use snprintf instead of sprintf
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: git master
Hardware: Other All
Importance: Normal minor
Target Milestone: 1.5.1
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2014-11-09 14:52 UTC by Hyunjun Ko
Modified: 2014-11-17 00:48 UTC


Attachments
Use snprintf instead of sprintf which is vulnerable (4.64 KB, patch)
2014-11-09 14:52 UTC, Hyunjun Ko
Status: none
Use g_snprintf instead of sprintf which doesn't check buffer boundary (4.71 KB, patch)
2014-11-09 23:47 UTC, Hyunjun Ko
Status: none
opencv-example: Use g_snprintf instead of sprintf (4.70 KB, patch)
2014-11-11 08:10 UTC, Hyunjun Ko
Status: committed

Description Hyunjun Ko 2014-11-09 14:52:36 UTC
Created attachment 290274
Use snprintf instead of sprintf which is vulnerable

There are some places using sprintf, which does not check buffer boundary.
I replaced them with snprintf.
Comment 1 Nicolas Dufresne (ndufresne) 2014-11-09 19:30:20 UTC
Please squash this with the other snprintf changes. Also, I'd opt for g_snprintf(). In the commit log, add "examples: ..." and drop the vulnerable part; there is no proof this code was vulnerable. Thanks for your time btw.

*** This bug has been marked as a duplicate of bug 739844 ***
Comment 2 Nicolas Dufresne (ndufresne) 2014-11-09 19:32:07 UTC
Re-opening as Time closed the other one.
Comment 3 Hyunjun Ko 2014-11-09 23:47:46 UTC
Created attachment 290294
Use g_snprintf instead of sprintf which doesn't check buffer boundary
Comment 4 Hyunjun Ko 2014-11-09 23:48:44 UTC
Comment on attachment 290294
Use g_snprintf instead of sprintf which doesn't check buffer boundary

Yes. I also think g_snprintf is better. Thanks for the advice.
Comment 5 Hyunjun Ko 2014-11-11 08:10:21 UTC
Created attachment 290400
opencv-example: Use g_snprintf instead of sprintf
Comment 6 Hyunjun Ko 2014-11-11 08:10:45 UTC
Comment on attachment 290294
Use g_snprintf instead of sprintf which doesn't check buffer boundary

Rebased
Comment 7 Tim-Philipp Müller 2014-11-17 00:48:37 UTC
Thanks, pushed:

commit fec8d4e7b21cc6891deae6f12e0e169838239072
Author: Hyunjun Ko <zzoonis@gmail.com>
Date:   Tue Nov 11 17:08:25 2014 +0900

    opencv-example: Use g_snprintf instead of sprintf
    
    https://bugzilla.gnome.org/show_bug.cgi?id=739846
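
The bounded-formatting pattern this bug asks for, as an added example that is not the attached patch or GStreamer code; the helper name, path format and inputs are hypothetical and constructed. It uses C99 snprintf() so it builds without GLib; g_snprintf() follows the same return-value convention, so the truncation check carries over unchanged.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the opencv example): formats
 * "<dir>/<name>_<index>.png" into a caller-supplied buffer.
 * Returns 0 on success, -1 if the result did not fit or formatting failed. */
static int build_frame_path(char *dst, size_t dst_len,
                            const char *dir, const char *name, int index)
{
    int needed;

    if (dst == NULL || dst_len == 0)
        return -1;

    /* Unlike sprintf(), this writes at most dst_len bytes and always
     * NUL-terminates. The return value is the length the full output
     * would have had, not the number of bytes actually stored. */
    needed = snprintf(dst, dst_len, "%s/%s_%04d.png", dir, name, index);

    /* needed < 0: output error. needed >= dst_len: output was truncated.
     * A truncated path names a different file, so reject it instead of
     * silently using the shortened string. */
    if (needed < 0 || (size_t) needed >= dst_len) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];  /* fixed-size destination (constructed) */

    /* Constructed inputs: one that fits, one that does not. */
    if (build_frame_path(path, sizeof path, "/tmp", "frame", 7) == 0)
        printf("ok: %s\n", path);

    if (build_frame_path(path, sizeof path, "/tmp",
                         "a_name_that_is_much_too_long_for_the_buffer", 7) != 0)
        printf("rejected: output would not fit in %zu bytes\n", sizeof path);

    return 0;
}
```

Bounding the write is only half of the change: code that ignores the return value trades an overflow for a silently truncated string.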