[FFmpeg-devel] [PR] avformat/hlsenc: fix format string vulnerability in parse

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed

* [FFmpeg-devel] [PR] avformat/hlsenc: fix format string vulnerability in parse_playlist (alternative fix) (PR #21599)
@ 2026-01-27 16:40 michaelni via ffmpeg-devel
  0 siblings, 0 replies; only message in thread
From: michaelni via ffmpeg-devel @ 2026-01-27 16:40 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: michaelni

PR #21599 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21599
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21599.patch

Found-by: Sarthak Munshi <sarthakmunshi@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>


>From 1739a50cdba18bbb4e1b6ea19fbf37f2b5e1f114 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 27 Jan 2026 16:57:30 +0100
Subject: [PATCH] avformat/hlsenc: fix format string vulnerability in
 parse_playlist (alternative fix)

Found-by: Sarthak Munshi <sarthakmunshi@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/hlsenc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 7105404d1e..ee64a5a275 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -1242,13 +1242,13 @@ static int parse_playlist(AVFormatContext *s, const char *url, VariantStream *vs
                 if (vs->has_subtitle) {
                     int vtt_index = extract_segment_number(line);
                     const char *vtt_basename = av_basename(vs->vtt_basename);
-                    int len = strlen(vtt_basename) + 11;
-                    char *vtt_file = av_mallocz(len);
-                    if (!vtt_file) {
+                    char *vtt_file = NULL;
+                    int ret = replace_int_data_in_filename(&vtt_file, vtt_basename, 'd', vtt_index);
+                    if (ret < 0 || !vtt_file) {
                         ret = AVERROR(ENOMEM);
                         goto fail;
                     }
-                    snprintf(vtt_file, len, vtt_basename, vtt_index);
+
                     ff_format_set_url(vs->vtt_avf, vtt_file);
                 }
 
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-01-27 16:41 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-27 16:40 [FFmpeg-devel] [PR] avformat/hlsenc: fix format string vulnerability in parse_playlist (alternative fix) (PR #21599) michaelni via ffmpeg-devel

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git