From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 5ABB84D07B
	for <ffmpegdev@gitmailbox.com>; Fri,  7 Nov 2025 08:46:47 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'PPMDqVmJ6FT5Vuha4XarpLiRb6duJ9Lghl5Abq1pNS0=', expected 
   b'od9BAQnQznkhJhEqKY2cPK8l5k9BOuUHbg0/HXqm9nM=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1762505197; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=PPMDqVmJ6FT5Vuha4XarpLiRb6duJ9Lghl5Abq1pNS0=;
 b=oa7bLkcR8ZfjvrzTvgQm1Gsm8/Et389/sqf+DNv7lRKYXUMrrFJtfp7PEFnqmy3rQaoln
 OxjR+9sunVBN42UCzyrr466/qxaO4tdcg0on/2w83Pxy9IbRgG3GaDj//xs2OhwCgirEFGb
 O2U9RU4eJyJttzlO5kOt0+4MMmEWOFRkHlXSk5m5uhodjW9GRvOdHmkefzvD/dxIrlx5Dae
 8Tuz9M6Zo16O3Y6hsDx7ul18DM+elNCdVP/Euj63uJjViL1wO70S209yTXE/NEekMO1YLZ8
 OOLcYvJqUo40Slx68xj2VEk72EbqJGPlUtcFnnyM7dOhaI/WnhLofXn1mstg==
Received: from [172.19.0.2] (unknown [172.19.0.2])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 8D5B868FBA7;
	Fri,  7 Nov 2025 10:46:37 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1762505181;
 b=BN1BOQR2Du2mYxK/AGIz1p5Ne/ElKo+hworfmlKI56gyp9OnaNLJktp6vQZDTz6d/99sh
 4+wEzZ6EwP+mcPU5C0MtMDuwcBJ6w41+Cxvq1Zn67vQhlv9DtIQ8Js6xZKR66GIgPJsQjo4
 Mo9xtePKzARcXWzLFouf1BjgzghSG/HMFmFCKTAS+dvzGDCY1bxmbdDfKFsNFa5k9Q1F4Qj
 evMt+3yuw0uuS+BQ37Legs7nhUVS3xIf2xzheMP4oT+FjgHOEW/IE6c9J97HBawdchCFbQK
 4fwP421bcSHvH9rTFqIqhicign7OpeCc974nOt5t43bZKP0dvhpo6I4OZfUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1762505181; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=t4V9pRaTRGsAqjtpHfH8NCn1xOsXNBoeDZMQ2jdNs0s=;
 b=KG2e04GMMmt7x+ETvygA6+FbUSCGqZn4mHjn8197rgX/HV4ZOLZHO8zgweFt3dXdY1EEN
 HWFVGPPriXn79uOC3paswjyxy0qKFOgg9g9HghezUEpqaZK1aF1vaGmSpGMUX7zKUqKMVDd
 5LVMK9ad+GxxlgxTcgi7KYBTeME1EkhlzEwv5vGyN9I1t3o5BFToRJAlgSYyfe0aKOBk63W
 yUgOTcYL9hUhi3gDYjJUWKXPdxRwBaVjozoMvMisf9jm5D0TXbh73TXvqQARy/biUKnrjaN
 xpymX9O1e+uLfrfF7fp6OPy3efEdgqzd9dbiNH7Ol2qmzdUZW1OeOjTpNbiA==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1762505173; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=od9BAQnQznkhJhEqKY2cPK8l5k9BOuUHbg0/HXqm9nM=;
 b=wgNg1ucvCuNnJH8tbm8OR9Y4U/3/RO1WLpKNHoglzRERs3K4IImyIwx0loyQopiTMwMKL
 ajUD2lQWImiQRNhFjOB25YyVTEmJjjKU1c7xBRtqTcnMPiSoedlW5mQ/S4TR3uFOtqqnB+K
 0f32ok/oaZKmZ05b018faC1frsRs59jc9ea+wc3Gn/M3oKB6LLznspQAJqh8mTvizHNaNEc
 vmVOANQRlSPtNOkiKzE6gw/xxT/cH8OFNukNA7PMn1csNwtIpa1GZ8OMacBP+z++hoU8BYw
 hOJMvt5lpTS566s8fYuoTCKMOt7FdHysr3mclk2VNUFMFRFfGvrt8XinoUZA==
Received: from 188d6d40ca7a (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 51C9D68F696
	for <ffmpeg-devel@ffmpeg.org>; Fri,  7 Nov 2025 10:46:13 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 07 Nov 2025 08:46:13 -0000
Message-ID: <176250517342.25.12497821266028012598@2cb04c0e5124>
Message-ID-Hash: HUM4MOHR2VWPUBMNC5FK22QXZFTGW2NH
X-Message-ID-Hash: HUM4MOHR2VWPUBMNC5FK22QXZFTGW2NH
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] libavformat/rtsp: fix potential buffer truncation in
 ff_rtsp_make_setup_request (PR #20857)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/HUM4MOHR2VWPUBMNC5FK22QXZFTGW2NH/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/176250517342.25.12497821266028012598@2cb04c0e5124/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: caifan via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: caifan <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/176250517342.25.12497821266028012598@2cb04c0e5124/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #20857 opened by caifan
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20857
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20857.patch

GCC with -Wformat-truncation warns that writing the transport string with snprintf may result in truncation, as up to 4095 bytes from '%s'
are written into a buffer with only 4085 bytes available (after accounting for "Transport: " and "\r\n").

Signed-off-by: caifan3 <caifan3@xiaomi.com>


>>From 2ae2910d2d55ca6a8f8145fc3160589d02415801 Mon Sep 17 00:00:00 2001
From: caifan3 <caifan3@xiaomi.com>
Date: Fri, 7 Nov 2025 16:39:56 +0800
Subject: [PATCH] libavformat/rtsp: fix potential buffer truncation in
 ff_rtsp_make_setup_request

GCC with -Wformat-truncation warns that writing the transport string with snprintf may result in truncation, as up to 4095 bytes from '%s'
are written into a buffer with only 4085 bytes available (after accounting for "Transport: " and "\r\n").

Signed-off-by: caifan3 <caifan3@xiaomi.com>
---
 libavformat/rtsp.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index e8f44e571a..5742aecce1 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1499,7 +1499,7 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port,
                               int lower_transport, const char *real_challenge)
 {
     RTSPState *rt = s->priv_data;
-    int rtx = 0, j, i, err, interleave = 0, port_off = 0;
+    int rtx = 0, j, i, err, len, interleave = 0, port_off = 0;
     RTSPStream *rtsp_st;
     RTSPMessageHeader reply1, *reply = &reply1;
     char cmd[MAX_URL_SIZE];
@@ -1631,9 +1631,10 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port,
         } else if (rt->server_type == RTSP_SERVER_REAL ||
                    rt->server_type == RTSP_SERVER_WMS)
             av_strlcat(transport, ";mode=play", sizeof(transport));
-        snprintf(cmd, sizeof(cmd),
-                 "Transport: %s\r\n",
-                 transport);
+        len = snprintf(cmd, sizeof(cmd),
+               "Transport: %s\r\n",
+               transport);
+        av_assert0(len >= 0 && len < sizeof(cmd));
         if (rt->accept_dynamic_rate)
             av_strlcat(cmd, "x-Dynamic-Rate: 0\r\n", sizeof(cmd));
         if (CONFIG_RTPDEC && i == 0 && rt->server_type == RTSP_SERVER_REAL) {
-- 
2.49.1

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org