# HG changeset patch
# User reimar
# Date 1251920950 0
# Node ID 331320b4557b60b131d5afa4812e59f492f5cd99
# Parent  78bb10138aa44be816c5580496dd9bed34e32521
Limit amount of data allocated on stack, strlen(filename) is not a good idea for
file name strings that might come from arbitrary playlists, use PATH_MAX instead.

diff -r 78bb10138aa4 -r 331320b4557b mplayer.c
--- a/mplayer.c	Wed Sep 02 19:44:15 2009 +0000
+++ b/mplayer.c	Wed Sep 02 19:49:10 2009 +0000
@@ -931,9 +931,13 @@
 static void load_per_file_config (m_config_t* conf, const char *const file)
 {
     char *confpath;
-    char cfg[strlen(file)+10];
+    char cfg[PATH_MAX];
     char *name;
 
+    if (strlen(file) > PATH_MAX - 14) {
+        mp_msg(MSGT_CPLAYER, MSGL_WARN, "Filename is too long, can not load file or directory specific config files\n");
+        return;
+    }
     sprintf (cfg, "%s.conf", file);
 
     name = strrchr(cfg, '/');
@@ -951,7 +955,7 @@
 	name++;
 
     if (use_filedir_conf) {
-        char dircfg[strlen(file)+14];
+        char dircfg[PATH_MAX];
         strcpy(dircfg, cfg);
         strcpy(dircfg + (name - cfg), "mplayer.conf");
         try_load_config(conf, dircfg);