Mercurial > mplayer.hg
annotate stream/realrtsp/asmrp.c @ 22185:80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
exploitable.
author | rtogni |
---|---|
date | Sun, 11 Feb 2007 17:54:18 +0000 |
parents | 899739212237 |
children | 0f1b5b68af32 |
rev | line source |
---|---|
9922 | 1 /* |
2 * This file was ported to MPlayer from xine CVS asmrp.c,v 1.2 2002/12/17 16:49:48 | |
3 */ | |
4 | |
5 /* | |
6 * Copyright (C) 2002 the xine project | |
7 * | |
8 * This file is part of xine, a free video player. | |
9 * | |
10 * xine is free software; you can redistribute it and/or modify | |
11 * it under the terms of the GNU General Public License as published by | |
12 * the Free Software Foundation; either version 2 of the License, or | |
13 * (at your option) any later version. | |
14 * | |
15 * xine is distributed in the hope that it will be useful, | |
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 * GNU General Public License for more details. | |
19 * | |
20 * You should have received a copy of the GNU General Public License | |
21 * along with this program; if not, write to the Free Software | |
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA | |
23 * | |
24 * | |
25 * a parser for real's asm rules | |
26 * | |
27 * grammar for these rules: | |
28 * | |
29 | |
30 rule_book = { rule } | |
31 rule = ( '#' condition { ',' assignment } | [ assignment {',' assignment} ]) ';' | |
32 assignment = id '=' const | |
33 const = ( number | string ) | |
34 condition = comp_expr { ( '&&' | '||' ) comp_expr } | |
35 comp_expr = operand { ( '<' | '<=' | '==' | '>=' | '>' ) operand } | |
36 operand = ( '$' id | num | '(' condition ')' ) | |
37 | |
38 */ | |
39 | |
40 #include <stdlib.h> | |
41 #include <stdio.h> | |
42 #include <string.h> | |
20701 | 43 #include "mp_msg.h" |
21783
4511c04bc4a0
Fix potential buffer overflow in asm rules matching code
rtogni
parents:
20701
diff
changeset
|
44 #include "asmrp.h" |
9922 | 45 |
46 /* | |
47 #define LOG | |
48 */ | |
49 | |
50 #define ASMRP_SYM_NONE 0 | |
51 #define ASMRP_SYM_EOF 1 | |
52 | |
53 #define ASMRP_SYM_NUM 2 | |
54 #define ASMRP_SYM_ID 3 | |
55 #define ASMRP_SYM_STRING 4 | |
56 | |
57 #define ASMRP_SYM_HASH 10 | |
58 #define ASMRP_SYM_SEMICOLON 11 | |
59 #define ASMRP_SYM_COMMA 12 | |
60 #define ASMRP_SYM_EQUALS 13 | |
61 #define ASMRP_SYM_AND 14 | |
62 #define ASMRP_SYM_OR 15 | |
63 #define ASMRP_SYM_LESS 16 | |
64 #define ASMRP_SYM_LEQ 17 | |
65 #define ASMRP_SYM_GEQ 18 | |
66 #define ASMRP_SYM_GREATER 19 | |
67 #define ASMRP_SYM_DOLLAR 20 | |
68 #define ASMRP_SYM_LPAREN 21 | |
69 #define ASMRP_SYM_RPAREN 22 | |
70 | |
71 #define ASMRP_MAX_ID 1024 | |
72 | |
73 #define ASMRP_MAX_SYMTAB 10 | |
74 | |
75 typedef struct { | |
76 char *id; | |
77 int v; | |
78 } asmrp_sym_t; | |
79 | |
80 typedef struct { | |
81 | |
82 /* public part */ | |
83 | |
84 int sym; | |
85 int num; | |
86 | |
87 char str[ASMRP_MAX_ID]; | |
88 | |
89 /* private part */ | |
90 | |
91 char *buf; | |
92 int pos; | |
93 char ch; | |
94 | |
95 asmrp_sym_t sym_tab[ASMRP_MAX_SYMTAB]; | |
96 int sym_tab_num; | |
97 | |
98 } asmrp_t; | |
99 | |
17566
f580a7755ac5
Patch by Stefan Huehner / stefan % huehner ! org \
rathann
parents:
13203
diff
changeset
|
100 static asmrp_t *asmrp_new (void) { |
9922 | 101 |
102 asmrp_t *p; | |
103 | |
104 p = malloc (sizeof (asmrp_t)); | |
105 | |
106 p->sym_tab_num = 0; | |
107 p->sym = ASMRP_SYM_NONE; | |
108 | |
109 return p; | |
110 } | |
111 | |
112 static void asmrp_dispose (asmrp_t *p) { | |
113 | |
114 int i; | |
115 | |
116 for (i=0; i<p->sym_tab_num; i++) | |
117 free (p->sym_tab[i].id); | |
118 | |
119 free (p); | |
120 } | |
121 | |
122 static void asmrp_getch (asmrp_t *p) { | |
123 p->ch = p->buf[p->pos]; | |
124 p->pos++; | |
125 | |
126 #ifdef LOG | |
127 printf ("%c\n", p->ch); | |
128 #endif | |
129 | |
130 } | |
131 | |
132 static void asmrp_init (asmrp_t *p, const char *str) { | |
133 | |
134 p->buf = strdup (str); | |
135 p->pos = 0; | |
136 | |
137 asmrp_getch (p); | |
138 } | |
139 | |
140 static void asmrp_number (asmrp_t *p) { | |
141 | |
142 int num; | |
143 | |
144 num = 0; | |
145 while ( (p->ch>='0') && (p->ch<='9') ) { | |
146 | |
147 num = num*10 + (p->ch - '0'); | |
148 | |
149 asmrp_getch (p); | |
150 } | |
151 | |
152 p->sym = ASMRP_SYM_NUM; | |
153 p->num = num; | |
154 } | |
155 | |
156 static void asmrp_string (asmrp_t *p) { | |
157 | |
158 int l; | |
159 | |
160 l = 0; | |
161 | |
162 while ( (p->ch!='"') && (p->ch>=32) ) { | |
163 | |
22185
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
164 if(l < ASMRP_MAX_ID - 1) |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
165 p->str[l++] = p->ch; |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
166 else |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
167 mp_msg(MSGT_STREAM, MSGL_ERR, "error: string too long, ignoring char %c.\n", p->ch); |
9922 | 168 |
169 asmrp_getch (p); | |
170 } | |
171 p->str[l]=0; | |
172 | |
173 if (p->ch=='"') | |
174 asmrp_getch (p); | |
175 | |
176 p->sym = ASMRP_SYM_STRING; | |
177 } | |
178 | |
179 static void asmrp_identifier (asmrp_t *p) { | |
180 | |
181 int l; | |
182 | |
183 l = 0; | |
184 | |
185 while ( ((p->ch>='A') && (p->ch<='z')) | |
186 || ((p->ch>='0') && (p->ch<='9'))) { | |
187 | |
22185
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
188 if(l < ASMRP_MAX_ID - 1) |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
189 p->str[l++] = p->ch; |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
190 else |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
191 mp_msg(MSGT_STREAM, MSGL_ERR, "error: identifier too long, ignoring char %c.\n", p->ch); |
9922 | 192 |
193 asmrp_getch (p); | |
194 } | |
195 p->str[l]=0; | |
196 | |
197 p->sym = ASMRP_SYM_ID; | |
198 } | |
199 | |
200 #ifdef LOG | |
201 static void asmrp_print_sym (asmrp_t *p) { | |
202 | |
203 printf ("symbol: "); | |
204 | |
205 switch (p->sym) { | |
206 | |
207 case ASMRP_SYM_NONE: | |
208 printf ("NONE\n"); | |
209 break; | |
210 | |
211 case ASMRP_SYM_EOF: | |
212 printf ("EOF\n"); | |
213 break; | |
214 | |
215 case ASMRP_SYM_NUM: | |
216 printf ("NUM %d\n", p->num); | |
217 break; | |
218 | |
219 case ASMRP_SYM_ID: | |
220 printf ("ID '%s'\n", p->str); | |
221 break; | |
222 | |
223 case ASMRP_SYM_STRING: | |
224 printf ("STRING \"%s\"\n", p->str); | |
225 break; | |
226 | |
227 case ASMRP_SYM_HASH: | |
228 printf ("#\n"); | |
229 break; | |
230 | |
231 case ASMRP_SYM_SEMICOLON: | |
232 printf (";\n"); | |
233 break; | |
234 case ASMRP_SYM_COMMA: | |
235 printf (",\n"); | |
236 break; | |
237 case ASMRP_SYM_EQUALS: | |
238 printf ("==\n"); | |
239 break; | |
240 case ASMRP_SYM_AND: | |
241 printf ("&&\n"); | |
242 break; | |
243 case ASMRP_SYM_OR: | |
244 printf ("||\n"); | |
245 break; | |
246 case ASMRP_SYM_LESS: | |
247 printf ("<\n"); | |
248 break; | |
249 case ASMRP_SYM_LEQ: | |
250 printf ("<=\n"); | |
251 break; | |
252 case ASMRP_SYM_GEQ: | |
253 printf (">=\n"); | |
254 break; | |
255 case ASMRP_SYM_GREATER: | |
256 printf (">\n"); | |
257 break; | |
258 case ASMRP_SYM_DOLLAR: | |
259 printf ("$\n"); | |
260 break; | |
261 case ASMRP_SYM_LPAREN: | |
262 printf ("(\n"); | |
263 break; | |
264 case ASMRP_SYM_RPAREN: | |
265 printf (")\n"); | |
266 break; | |
267 | |
268 default: | |
269 printf ("unknown symbol %d\n", p->sym); | |
270 } | |
271 } | |
272 #endif | |
273 | |
274 static void asmrp_get_sym (asmrp_t *p) { | |
275 | |
276 while (p->ch <= 32) { | |
277 if (p->ch == 0) { | |
278 p->sym = ASMRP_SYM_EOF; | |
279 return; | |
280 } | |
281 | |
282 asmrp_getch (p); | |
283 } | |
284 | |
285 if (p->ch == '\\') | |
286 asmrp_getch (p); | |
287 | |
288 switch (p->ch) { | |
289 | |
290 case '#': | |
291 p->sym = ASMRP_SYM_HASH; | |
292 asmrp_getch (p); | |
293 break; | |
294 case ';': | |
295 p->sym = ASMRP_SYM_SEMICOLON; | |
296 asmrp_getch (p); | |
297 break; | |
298 case ',': | |
299 p->sym = ASMRP_SYM_COMMA; | |
300 asmrp_getch (p); | |
301 break; | |
302 case '=': | |
303 p->sym = ASMRP_SYM_EQUALS; | |
304 asmrp_getch (p); | |
305 if (p->ch=='=') | |
306 asmrp_getch (p); | |
307 break; | |
308 case '&': | |
309 p->sym = ASMRP_SYM_AND; | |
310 asmrp_getch (p); | |
311 if (p->ch=='&') | |
312 asmrp_getch (p); | |
313 break; | |
314 case '|': | |
315 p->sym = ASMRP_SYM_OR; | |
316 asmrp_getch (p); | |
317 if (p->ch=='|') | |
318 asmrp_getch (p); | |
319 break; | |
320 case '<': | |
321 p->sym = ASMRP_SYM_LESS; | |
322 asmrp_getch (p); | |
323 if (p->ch=='=') { | |
324 p->sym = ASMRP_SYM_LEQ; | |
325 asmrp_getch (p); | |
326 } | |
327 break; | |
328 case '>': | |
329 p->sym = ASMRP_SYM_GREATER; | |
330 asmrp_getch (p); | |
331 if (p->ch=='=') { | |
332 p->sym = ASMRP_SYM_GEQ; | |
333 asmrp_getch (p); | |
334 } | |
335 break; | |
336 case '$': | |
337 p->sym = ASMRP_SYM_DOLLAR; | |
338 asmrp_getch (p); | |
339 break; | |
340 case '(': | |
341 p->sym = ASMRP_SYM_LPAREN; | |
342 asmrp_getch (p); | |
343 break; | |
344 case ')': | |
345 p->sym = ASMRP_SYM_RPAREN; | |
346 asmrp_getch (p); | |
347 break; | |
348 | |
349 case '"': | |
350 asmrp_getch (p); | |
351 asmrp_string (p); | |
352 break; | |
353 | |
354 case '0': case '1': case '2': case '3': case '4': | |
355 case '5': case '6': case '7': case '8': case '9': | |
356 asmrp_number (p); | |
357 break; | |
358 | |
359 default: | |
360 asmrp_identifier (p); | |
361 } | |
362 | |
363 #ifdef LOG | |
364 asmrp_print_sym (p); | |
365 #endif | |
366 | |
367 } | |
368 | |
369 static int asmrp_find_id (asmrp_t *p, char *s) { | |
370 | |
371 int i; | |
372 | |
373 for (i=0; i<p->sym_tab_num; i++) { | |
374 if (!strcmp (s, p->sym_tab[i].id)) | |
375 return i; | |
376 } | |
377 | |
378 return -1; | |
379 } | |
380 | |
381 static int asmrp_set_id (asmrp_t *p, char *s, int v) { | |
382 | |
383 int i; | |
384 | |
385 i = asmrp_find_id (p, s); | |
386 | |
387 if (i<0) { | |
22185
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
388 if (p->sym_tab_num == ASMRP_MAX_SYMTAB - 1) { |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
389 mp_msg(MSGT_STREAM, MSGL_ERR, "sym_tab overflow, ignoring identifier %s\n", s); |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
390 return 0; |
80ff3962cef4
More boundary checks for fixed-length arrays. Some of them may have been
rtogni
parents:
21787
diff
changeset
|
391 } |
9922 | 392 i = p->sym_tab_num; |
393 p->sym_tab_num++; | |
394 p->sym_tab[i].id = strdup (s); | |
395 | |
396 #ifdef LOG | |
397 printf ("new symbol '%s'\n", s); | |
398 #endif | |
399 | |
400 } | |
401 | |
402 p->sym_tab[i].v = v; | |
403 | |
404 #ifdef LOG | |
405 printf ("symbol '%s' assigned %d\n", s, v); | |
406 #endif | |
407 | |
408 return i; | |
409 } | |
410 | |
411 static int asmrp_condition (asmrp_t *p) ; | |
412 | |
413 static int asmrp_operand (asmrp_t *p) { | |
414 | |
415 int i, ret; | |
416 | |
417 #ifdef LOG | |
418 printf ("operand\n"); | |
419 #endif | |
420 | |
421 ret = 0; | |
422 | |
423 switch (p->sym) { | |
424 | |
425 case ASMRP_SYM_DOLLAR: | |
426 | |
427 asmrp_get_sym (p); | |
428 | |
429 if (p->sym != ASMRP_SYM_ID) { | |
20699 | 430 mp_msg(MSGT_STREAM, MSGL_ERR, "error: identifier expected.\n"); |
20697 | 431 break; |
9922 | 432 } |
433 | |
434 i = asmrp_find_id (p, p->str); | |
435 if (i<0) { | |
20699 | 436 mp_msg(MSGT_STREAM, MSGL_ERR, "error: unknown identifier %s\n", p->str); |
21787
899739212237
Fix invalid memory access if identifier is unknown
rtogni
parents:
21783
diff
changeset
|
437 } else |
9922 | 438 ret = p->sym_tab[i].v; |
439 | |
440 asmrp_get_sym (p); | |
441 break; | |
442 | |
443 case ASMRP_SYM_NUM: | |
444 ret = p->num; | |
445 | |
446 asmrp_get_sym (p); | |
447 break; | |
448 | |
449 case ASMRP_SYM_LPAREN: | |
450 asmrp_get_sym (p); | |
451 | |
452 ret = asmrp_condition (p); | |
453 | |
454 if (p->sym != ASMRP_SYM_RPAREN) { | |
20699 | 455 mp_msg(MSGT_STREAM, MSGL_ERR, "error: ) expected.\n"); |
20697 | 456 break; |
9922 | 457 } |
458 | |
459 asmrp_get_sym (p); | |
460 break; | |
461 | |
462 default: | |
20699 | 463 mp_msg(MSGT_STREAM, MSGL_ERR, "syntax error, $ number or ( expected\n"); |
9922 | 464 } |
465 | |
466 #ifdef LOG | |
467 printf ("operand done, =%d\n", ret); | |
468 #endif | |
469 | |
470 return ret; | |
471 } | |
472 | |
20697 | 473 |
9922 | 474 static int asmrp_comp_expression (asmrp_t *p) { |
475 | |
476 int a; | |
477 | |
478 #ifdef LOG | |
479 printf ("comp_expression\n"); | |
480 #endif | |
481 | |
482 a = asmrp_operand (p); | |
483 | |
484 while ( (p->sym == ASMRP_SYM_LESS) | |
485 || (p->sym == ASMRP_SYM_LEQ) | |
486 || (p->sym == ASMRP_SYM_EQUALS) | |
487 || (p->sym == ASMRP_SYM_GEQ) | |
488 || (p->sym == ASMRP_SYM_GREATER) ) { | |
489 int op = p->sym; | |
490 int b; | |
491 | |
492 asmrp_get_sym (p); | |
493 | |
494 b = asmrp_operand (p); | |
495 | |
496 switch (op) { | |
497 case ASMRP_SYM_LESS: | |
498 a = a<b; | |
499 break; | |
500 case ASMRP_SYM_LEQ: | |
501 a = a<=b; | |
502 break; | |
503 case ASMRP_SYM_EQUALS: | |
504 a = a==b; | |
505 break; | |
506 case ASMRP_SYM_GEQ: | |
507 a = a>=b; | |
508 break; | |
509 case ASMRP_SYM_GREATER: | |
510 a = a>b; | |
511 break; | |
512 } | |
513 | |
514 } | |
515 | |
516 #ifdef LOG | |
517 printf ("comp_expression done = %d\n", a); | |
518 #endif | |
519 return a; | |
520 } | |
521 | |
522 static int asmrp_condition (asmrp_t *p) { | |
523 | |
524 int a; | |
525 | |
526 #ifdef LOG | |
527 printf ("condition\n"); | |
528 #endif | |
529 | |
530 a = asmrp_comp_expression (p); | |
531 | |
532 while ( (p->sym == ASMRP_SYM_AND) || (p->sym == ASMRP_SYM_OR) ) { | |
533 int op, b; | |
534 | |
535 op = p->sym; | |
536 | |
537 asmrp_get_sym (p); | |
538 | |
539 b = asmrp_comp_expression (p); | |
540 | |
541 switch (op) { | |
542 case ASMRP_SYM_AND: | |
543 a = a & b; | |
544 break; | |
545 case ASMRP_SYM_OR: | |
546 a = a | b; | |
547 break; | |
548 } | |
549 } | |
550 | |
551 #ifdef LOG | |
552 printf ("condition done = %d\n", a); | |
553 #endif | |
554 return a; | |
555 } | |
556 | |
557 static void asmrp_assignment (asmrp_t *p) { | |
558 | |
559 #ifdef LOG | |
560 printf ("assignment\n"); | |
561 #endif | |
562 | |
13203
0d38a501c6a5
allow empty assignments, necessary for some weird servers...
reimar
parents:
9922
diff
changeset
|
563 if (p->sym == ASMRP_SYM_COMMA || p->sym == ASMRP_SYM_SEMICOLON) { |
0d38a501c6a5
allow empty assignments, necessary for some weird servers...
reimar
parents:
9922
diff
changeset
|
564 #ifdef LOG |
0d38a501c6a5
allow empty assignments, necessary for some weird servers...
reimar
parents:
9922
diff
changeset
|
565 printf ("empty assignment\n"); |
0d38a501c6a5
allow empty assignments, necessary for some weird servers...
reimar
parents:
9922
diff
changeset
|
566 #endif |
0d38a501c6a5
allow empty assignments, necessary for some weird servers...
reimar
parents:
9922
diff
changeset
|
567 return; |
0d38a501c6a5
allow empty assignments, necessary for some weird servers...
reimar
parents:
9922
diff
changeset
|
568 } |
0d38a501c6a5
allow empty assignments, necessary for some weird servers...
reimar
parents:
9922
diff
changeset
|
569 |
9922 | 570 if (p->sym != ASMRP_SYM_ID) { |
20699 | 571 mp_msg(MSGT_STREAM, MSGL_ERR, "error: identifier expected\n"); |
20697 | 572 return; |
9922 | 573 } |
574 asmrp_get_sym (p); | |
575 | |
576 if (p->sym != ASMRP_SYM_EQUALS) { | |
20699 | 577 mp_msg(MSGT_STREAM, MSGL_ERR, "error: = expected\n"); |
20697 | 578 return; |
9922 | 579 } |
580 asmrp_get_sym (p); | |
581 | |
582 if ( (p->sym != ASMRP_SYM_NUM) && (p->sym != ASMRP_SYM_STRING) | |
583 && (p->sym != ASMRP_SYM_ID)) { | |
20699 | 584 mp_msg(MSGT_STREAM, MSGL_ERR, "error: number or string expected\n"); |
20697 | 585 return; |
9922 | 586 } |
587 asmrp_get_sym (p); | |
588 | |
589 #ifdef LOG | |
590 printf ("assignment done\n"); | |
591 #endif | |
592 } | |
593 | |
594 static int asmrp_rule (asmrp_t *p) { | |
595 | |
596 int ret; | |
597 | |
598 #ifdef LOG | |
599 printf ("rule\n"); | |
600 #endif | |
601 | |
602 ret = 1; | |
603 | |
604 if (p->sym == ASMRP_SYM_HASH) { | |
605 | |
606 asmrp_get_sym (p); | |
607 ret = asmrp_condition (p); | |
608 | |
609 while (p->sym == ASMRP_SYM_COMMA) { | |
610 | |
611 asmrp_get_sym (p); | |
612 | |
613 asmrp_assignment (p); | |
614 } | |
615 | |
616 } else if (p->sym != ASMRP_SYM_SEMICOLON) { | |
617 | |
618 asmrp_assignment (p); | |
619 | |
620 while (p->sym == ASMRP_SYM_COMMA) { | |
621 | |
622 asmrp_get_sym (p); | |
623 asmrp_assignment (p); | |
624 } | |
625 } | |
626 | |
627 #ifdef LOG | |
628 printf ("rule done = %d\n", ret); | |
629 #endif | |
630 | |
631 if (p->sym != ASMRP_SYM_SEMICOLON) { | |
20699 | 632 mp_msg(MSGT_STREAM, MSGL_ERR, "semicolon expected.\n"); |
20697 | 633 return ret; |
9922 | 634 } |
635 | |
636 asmrp_get_sym (p); | |
637 | |
638 return ret; | |
639 } | |
640 | |
641 static int asmrp_eval (asmrp_t *p, int *matches) { | |
642 | |
643 int rule_num, num_matches; | |
644 | |
645 #ifdef LOG | |
646 printf ("eval\n"); | |
647 #endif | |
648 | |
649 asmrp_get_sym (p); | |
650 | |
651 rule_num = 0; num_matches = 0; | |
652 while (p->sym != ASMRP_SYM_EOF) { | |
653 | |
654 if (asmrp_rule (p)) { | |
655 #ifdef LOG | |
656 printf ("rule #%d is true\n", rule_num); | |
657 #endif | |
21783
4511c04bc4a0
Fix potential buffer overflow in asm rules matching code
rtogni
parents:
20701
diff
changeset
|
658 if(num_matches < MAX_RULEMATCHES - 1) |
4511c04bc4a0
Fix potential buffer overflow in asm rules matching code
rtogni
parents:
20701
diff
changeset
|
659 matches[num_matches++] = rule_num; |
4511c04bc4a0
Fix potential buffer overflow in asm rules matching code
rtogni
parents:
20701
diff
changeset
|
660 else |
4511c04bc4a0
Fix potential buffer overflow in asm rules matching code
rtogni
parents:
20701
diff
changeset
|
661 mp_msg(MSGT_STREAM, MSGL_ERR, |
4511c04bc4a0
Fix potential buffer overflow in asm rules matching code
rtogni
parents:
20701
diff
changeset
|
662 "Ignoring matched asm rule %d, too many matched rules.\n", rule_num); |
9922 | 663 } |
664 | |
665 rule_num++; | |
666 } | |
667 | |
668 matches[num_matches] = -1; | |
669 return num_matches; | |
670 } | |
671 | |
672 int asmrp_match (const char *rules, int bandwidth, int *matches) { | |
673 | |
674 asmrp_t *p; | |
675 int num_matches; | |
676 | |
677 p = asmrp_new (); | |
678 | |
679 asmrp_init (p, rules); | |
680 | |
681 asmrp_set_id (p, "Bandwidth", bandwidth); | |
682 asmrp_set_id (p, "OldPNMPlayer", 0); | |
683 | |
684 num_matches = asmrp_eval (p, matches); | |
685 | |
686 asmrp_dispose (p); | |
687 | |
688 return num_matches; | |
689 } | |
690 |