colin/Megapixels
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

process_pipeline: replace sprintf with snprintf

Browse Source 
to avoid potential buffer overflows
This commit is contained in:
Andrey Skvortsov
2025-05-28 01:06:52 +03:00
committed by Martijn Braam
parent f64782d9a5
commit 529e7841ab
3 changed files with 48 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/main.c
View File

@@ -1413,9 +1413,10 @@ activate(GtkApplication *app, gpointer data)
// Initialize the postprocessing gsetting to the old processor if // Initialize the postprocessing gsetting to the old processor if
// it was not set yet // it was not set yet
if (setting_postproc == NULL || setting_postproc[0] == '\0') { if (setting_postproc == NULL || setting_postproc[0] == '\0') {
const int size = 512;
printf("Initializing postprocessor gsetting\n"); printf("Initializing postprocessor gsetting\n");
setting_postproc = malloc(512); setting_postproc = malloc(size);
if (!mp_process_find_processor(setting_postproc, "postprocess.sh")) { if (!mp_process_find_processor(setting_postproc, size, "postprocess.sh")) {
printf("No processor found\n"); printf("No processor found\n");
exit(1); exit(1);
} }

46
src/process_pipeline.c
View File

@@ -68,7 +68,7 @@ mp_process_find_all_processors(GtkListStore *store)
} }
// Check for a script in XDG_CONFIG_HOME // Check for a script in XDG_CONFIG_HOME
sprintf(buffer, "%s/megapixels/postprocess.sh", g_get_user_config_dir()); snprintf(buffer, sizeof(buffer), "%s/megapixels/postprocess.sh", g_get_user_config_dir());
if (access(buffer, F_OK) != -1) { if (access(buffer, F_OK) != -1) {
gtk_list_store_insert(store, &iter, -1); gtk_list_store_insert(store, &iter, -1);
gtk_list_store_set( gtk_list_store_set(
@@ -76,7 +76,7 @@ mp_process_find_all_processors(GtkListStore *store)
} }
// Check user overridden /etc/megapixels/postprocess.sh // Check user overridden /etc/megapixels/postprocess.sh
sprintf(buffer, "%s/megapixels/postprocess.sh", SYSCONFDIR); snprintf(buffer, sizeof(buffer), "%s/megapixels/postprocess.sh", SYSCONFDIR);
if (access(buffer, F_OK) != -1) { if (access(buffer, F_OK) != -1) {
gtk_list_store_insert(store, &iter, -1); gtk_list_store_insert(store, &iter, -1);
gtk_list_store_set( gtk_list_store_set(
@@ -84,7 +84,7 @@ mp_process_find_all_processors(GtkListStore *store)
} }
// Check user overridden /usr/share/megapixels/postprocess.sh // Check user overridden /usr/share/megapixels/postprocess.sh
sprintf(buffer, "%s/megapixels/postprocess.sh", DATADIR); snprintf(buffer, sizeof(buffer), "%s/megapixels/postprocess.sh", DATADIR);
if (access(buffer, F_OK) != -1) { if (access(buffer, F_OK) != -1) {
gtk_list_store_insert(store, &iter, -1); gtk_list_store_insert(store, &iter, -1);
gtk_list_store_set( gtk_list_store_set(
@@ -94,7 +94,7 @@ mp_process_find_all_processors(GtkListStore *store)
// Find extra packaged postprocessor scripts // Find extra packaged postprocessor scripts
// These should be packaged in // These should be packaged in
// /usr/share/megapixels/postprocessor.d/executable // /usr/share/megapixels/postprocessor.d/executable
sprintf(buffer, "%s/megapixels/postprocessor.d", DATADIR); snprintf(buffer, sizeof(buffer), "%s/megapixels/postprocessor.d", DATADIR);
DIR *d; DIR *d;
struct dirent *dir; struct dirent *dir;
d = opendir(buffer); d = opendir(buffer);
@@ -103,7 +103,8 @@ mp_process_find_all_processors(GtkListStore *store)
if (dir->d_name[0] == '.') { if (dir->d_name[0] == '.') {
continue; continue;
} }
sprintf(buffer, snprintf(buffer,
sizeof(buffer),
"%s/megapixels/postprocessor.d/%s", "%s/megapixels/postprocessor.d/%s",
DATADIR, DATADIR,
dir->d_name); dir->d_name);
@@ -116,32 +117,32 @@ mp_process_find_all_processors(GtkListStore *store)
} }
bool bool
mp_process_find_processor(char *script, char *filename) mp_process_find_processor(char *script, int size, char *filename)
{ {
// Check postprocess.sh in the current working directory // Check postprocess.sh in the current working directory
sprintf(script, "./data/%s", filename); snprintf(script, size, "./data/%s", filename);
if (access(script, F_OK) != -1) { if (access(script, F_OK) != -1) {
sprintf(script, "./data/%s", filename); snprintf(script, size, "./data/%s", filename);
printf("Found postprocessor script at %s\n", script); printf("Found postprocessor script at %s\n", script);
return true; return true;
} }
// Check for a script in XDG_CONFIG_HOME // Check for a script in XDG_CONFIG_HOME
sprintf(script, "%s/megapixels/%s", g_get_user_config_dir(), filename); snprintf(script, size, "%s/megapixels/%s", g_get_user_config_dir(), filename);
if (access(script, F_OK) != -1) { if (access(script, F_OK) != -1) {
printf("Found postprocessor script at %s\n", script); printf("Found postprocessor script at %s\n", script);
return true; return true;
} }
// Check user overridden /etc/megapixels/postprocessor.sh // Check user overridden /etc/megapixels/postprocessor.sh
sprintf(script, "%s/megapixels/%s", SYSCONFDIR, filename); snprintf(script, size, "%s/megapixels/%s", SYSCONFDIR, filename);
if (access(script, F_OK) != -1) { if (access(script, F_OK) != -1) {
printf("Found postprocessor script at %s\n", script); printf("Found postprocessor script at %s\n", script);
return true; return true;
} }
// Check packaged /usr/share/megapixels/postprocessor.sh // Check packaged /usr/share/megapixels/postprocessor.sh
sprintf(script, "%s/megapixels/%s", DATADIR, filename); snprintf(script, size, "%s/megapixels/%s", DATADIR, filename);
if (access(script, F_OK) != -1) { if (access(script, F_OK) != -1) {
printf("Found postprocessor script at %s\n", script); printf("Found postprocessor script at %s\n", script);
return true; return true;
@@ -161,7 +162,7 @@ static void setup_capture(void)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
snprintf(burst_dir, sizeof(bufst_dir), tempdir); snprintf(burst_dir, sizeof(burst_dir), tempdir);
} }
static void static void
@@ -175,7 +176,7 @@ setup(MPPipeline *pipeline, const void *data)
state_proc.mode_exposure = AAA_BY_V4L2_CONTROLS; state_proc.mode_exposure = AAA_BY_V4L2_CONTROLS;
state_proc.mode_focus = AAA_DISABLED; state_proc.mode_focus = AAA_DISABLED;
if (!mp_process_find_processor(movie_script, "movie.sh")) { if (!mp_process_find_processor(movie_script, sizeof(movie_script), "movie.sh")) {
fprintf(stderr,"movie.sh not found, video pipeline disabled\n"); fprintf(stderr,"movie.sh not found, video pipeline disabled\n");
} }
setup_capture(); setup_capture();
@@ -525,7 +526,8 @@ summarize()
(float) time, (float) gain, state_proc.gain.value, state_proc.dgain.value, (float) time, (float) gain, state_proc.gain.value, state_proc.dgain.value,
(float) 1/diopt); (float) 1/diopt);
sprintf(buf, "1/%s%.0f%sISO%s%.0f%sm%s%.2f", snprintf(buf, sizeof(buf),
"1/%s%.0f%sISO%s%.0f%sm%s%.2f",
sep, (float) (1.0/time), sep, sep, (float) (1.0/time), sep,
sep, (float) (gain*100), sep, (float) (gain*100),
sep, sep, 1/diopt); sep, sep, 1/diopt);
@@ -979,7 +981,8 @@ save_grw(const uint8_t *image, char *fname)
fwrite(image, size, 1, outfile); fwrite(image, size, 1, outfile);
char buf[1024]; char buf[1024];
buf[0] = 0; buf[0] = 0;
int header = sprintf(buf+1, int header = snprintf(buf + 1,
sizeof(buf) - 1,
"Caps: video/x-raw,format=%s,width=%d,height=%d\nSize: %d\nGRW", "Caps: video/x-raw,format=%s,width=%d,height=%d\nSize: %d\nGRW",
format, width, height, size); format, width, height, size);
fwrite(buf, header+1, 1, outfile); fwrite(buf, header+1, 1, outfile);
@@ -1074,7 +1077,7 @@ static void
process_image_for_capture_yuv(const uint8_t *image, int count) process_image_for_capture_yuv(const uint8_t *image, int count)
{ {
char fname[255]; char fname[255];
sprintf(fname, "%s/%d.jpg", burst_dir, count); snprintf(fname, sizeof(fname), "%s/%d.jpg", burst_dir, count);
save_jpeg(image, fname); save_jpeg(image, fname);
} }
@@ -1234,7 +1237,7 @@ static void
process_image_for_capture_bayer(const uint8_t *image, int count) process_image_for_capture_bayer(const uint8_t *image, int count)
{ {
char fname[255]; char fname[255];
sprintf(fname, "%s/%d.dng", burst_dir, count); snprintf(fname, sizeof(fname), "%s/%d.dng", burst_dir, count);
save_dng(image, fname, count); save_dng(image, fname, count);
} }
@@ -1287,17 +1290,20 @@ process_capture_burst(GdkTexture *thumb)
format_timestamp(timestamp); format_timestamp(timestamp);
if (g_get_user_special_dir(G_USER_DIRECTORY_PICTURES) != NULL) { if (g_get_user_special_dir(G_USER_DIRECTORY_PICTURES) != NULL) {
sprintf(capture_fname, snprintf(capture_fname,
sizeof(capture_fname),
"%s/IMG%s", "%s/IMG%s",
g_get_user_special_dir(G_USER_DIRECTORY_PICTURES), g_get_user_special_dir(G_USER_DIRECTORY_PICTURES),
timestamp); timestamp);
} else if (getenv("XDG_PICTURES_DIR") != NULL) { } else if (getenv("XDG_PICTURES_DIR") != NULL) {
sprintf(capture_fname, snprintf(capture_fname,
sizeof(capture_fname),
"%s/IMG%s", "%s/IMG%s",
getenv("XDG_PICTURES_DIR"), getenv("XDG_PICTURES_DIR"),
timestamp); timestamp);
} else { } else {
sprintf(capture_fname, snprintf(capture_fname,
sizeof(capture_fname),
"%s/Pictures/IMG%s", "%s/Pictures/IMG%s",
getenv("HOME"), getenv("HOME"),
timestamp); timestamp);

3
src/process_pipeline.h
View File

@@ -37,7 +37,8 @@ struct mp_process_pipeline_state {
bool control_focus; bool control_focus;
}; };
bool mp_process_find_processor(char *script, char *filename);
bool mp_process_find_processor(char *script, int size, char *filename);
void mp_process_find_all_processors(GtkListStore *store); void mp_process_find_all_processors(GtkListStore *store);
void mp_process_pipeline_start(); void mp_process_pipeline_start();