From 0a51362b3f3c3a0df09b24fbd9049711bff6fb94 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 25 Mar 2011 00:20:07 +0100
Subject: log:Sanitize string of most control chars before printing. This may
 be security relevant depending upon the used terminal.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavutil/log.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'libavutil/log.c')

diff --git a/libavutil/log.c b/libavutil/log.c
index 6c9e76a..b3c9358 100644
--- a/libavutil/log.c
+++ b/libavutil/log.c
@@ -82,6 +82,14 @@ const char* av_default_item_name(void* ptr){
     return (*(AVClass**)ptr)->class_name;
 }
 
+static void sanitize(uint8_t *line){
+    while(*line){
+        if(*line < 0x08 || (*line > 0x0D && *line < 0x20))
+            *line='?';
+        line++;
+    }
+}
+
 void av_log_default_callback(void* ptr, int level, const char* fmt, va_list vl)
 {
     static int print_prefix=1;
@@ -121,8 +129,9 @@ void av_log_default_callback(void* ptr, int level, const char* fmt, va_list vl)
         fprintf(stderr, "    Last message repeated %d times\n", count);
         count=0;
     }
-    colored_fputs(av_clip(level>>3, 0, 6), line);
     strcpy(prev, line);
+    sanitize(line);
+    colored_fputs(av_clip(level>>3, 0, 6), line);
 }
 
 static void (*av_log_callback)(void*, int, const char*, va_list) = av_log_default_callback;
-- 
cgit v1.1