From 2b13220d6335a45ff3a75c01642f59fabd68179f Mon Sep 17 00:00:00 2001
From: tt2468 <tt2468@gmail.com>
Date: Wed, 27 Mar 2024 13:32:47 -0700
Subject: [PATCH] Fix buffer overflow in Gstreamer log function (#382)

vsprintf() is dangerous, and can overflow easily, especially with small
buffers like the 100 byte one that was being used. This changes the
buffer size to a more sane 4KiB, and uses vsnprintf() to automatically
concatenate a large log message instead of overflowing and crashing.
---
 server/internal/capture/gst/gst.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/internal/capture/gst/gst.c b/server/internal/capture/gst/gst.c
index e538f5d..6f90323 100644
--- a/server/internal/capture/gst/gst.c
+++ b/server/internal/capture/gst/gst.c
@@ -3,8 +3,8 @@
 static void gstreamer_pipeline_log(GstPipelineCtx *ctx, char* level, const char* format, ...) {
   va_list argptr;
   va_start(argptr, format);
-  char buffer[100];
-  vsprintf(buffer, format, argptr);
+  char buffer[4096];
+  vsnprintf(buffer, sizeof(buffer), format, argptr);
   va_end(argptr);
   goPipelineLog(level, buffer, ctx->pipelineId);
 }