On Thu, Jul 31, 2025 at 04:21:35PM +0800, Cai Fan wrote:
> Signed-off-by: Cai Fan <caifan0425@163.com>
> ---
>  libavformat/img2enc.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/img2enc.c b/libavformat/img2enc.c
> index 41638d92b8..9a5718a8da 100644
> --- a/libavformat/img2enc.c
> +++ b/libavformat/img2enc.c
> @@ -180,7 +180,12 @@ static int write_packet(AVFormatContext *s, AVPacket *pkt)
>      }
>      for (i = 0; i < 4; i++) {
>          av_dict_copy(&options, img->protocol_opts, 0);
> -        snprintf(img->tmp[i], sizeof(img->tmp[i]), "%s.tmp", filename);
> +        int len = snprintf(img->tmp[i], sizeof(img->tmp[i]), "%s.tmp", filename);
> +        if (len < 0 || len >= sizeof(img->tmp[i])) {
> +            av_log(s, AV_LOG_ERROR, "filename '%s' exceeds buffer size %zu\n", filename, sizeof(img->tmp[i]));
> +            ret = AVERROR(EINVAL);
> +            goto fail;
> +        }

is there a reason this doesnt use av_asprintf() ?
that is allocate as needed

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No great genius has ever existed without some touch of madness. -- Aristotle