# HG changeset patch # User reimar # Date 1351709733 0 # Node ID fe44546ee423989493725ce133e58983cb34b47f # Parent 014d0c671b803b009262866162b107e00b42b186 Replace sprintf with snprintf. To my knowledge the only "real" issue this fixes is that setting certain environment variables to very long strings might have caused overflows. diff -r 014d0c671b80 -r fe44546ee423 stream/stream_cddb.c --- a/stream/stream_cddb.c Wed Oct 31 04:41:32 2012 +0000 +++ b/stream/stream_cddb.c Wed Oct 31 18:55:33 2012 +0000 @@ -111,7 +111,7 @@ CDROM_TOC toc; char device[10]; - sprintf(device, "\\\\.\\%s", dev); + snprintf(device, sizeof(device), "\\\\.\\%s", dev); drive = CreateFile(device, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, 0); @@ -383,7 +383,7 @@ if (reply_parser == NULL || command == NULL || cddb_data == NULL) return -1; - sprintf(request, "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d", + snprintf(request, sizeof(request), "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d", cddb_data->freedb_server, command, cddb_data->cddb_hello, cddb_data->freedb_proto_level); mp_msg(MSGT_OPEN, MSGL_INFO,"Request[%s]\n", request); @@ -438,7 +438,7 @@ if (cddb_data == NULL || cddb_data->cache_dir == NULL) return -1; - sprintf(file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id); + snprintf(file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id); file_fd = open(file_name, O_RDONLY | O_BINARY); if (file_fd < 0) { @@ -503,7 +503,7 @@ } } - sprintf(file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id); + snprintf(file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id); file_fd = creat(file_name, S_IRUSR | S_IWUSR); if (file_fd < 0) { @@ -590,7 +590,7 @@ static int cddb_request_titles(cddb_data_t *cddb_data) { char command[1024]; - sprintf(command, "cddb+read+%s+%08lx", + snprintf(command, sizeof(command), "cddb+read+%s+%08lx", cddb_data->category, cddb_data->disc_id); return cddb_http_request(command, cddb_read_parse, cddb_data); } @@ -757,7 +757,8 @@ } user_name = getenv("LOGNAME"); } - sprintf(cddb_data->cddb_hello, "&hello=%s+%s+%s", + snprintf(cddb_data->cddb_hello, sizeof(cddb_data->cddb_hello), + "&hello=%s+%s+%s", user_name, host_name, mplayer_version); } @@ -770,8 +771,9 @@ ptr = offsets; for (i = 0; i < cddb_data->tracks ; i++) { - ptr += sprintf(ptr, "%d+", cdtoc[i].frame); - if (ptr-offsets > sizeof offsets - 40) break; + unsigned space = sizeof(offsets) - (ptr - offsets); + if (space < 40) break; + ptr += snprintf(ptr, space, "%d+", cdtoc[i].frame); } ptr[0] = 0; time_len = (cdtoc[cddb_data->tracks].frame)/75; @@ -787,7 +789,7 @@ return -1; } - sprintf(command, "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id, + snprintf(command, sizeof(command), "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id, cddb_data->tracks, offsets, time_len); ret = cddb_http_request(command, cddb_query_parse, cddb_data); if (ret < 0) @@ -838,13 +840,13 @@ if (home_dir == NULL) { cddb_data.cache_dir = NULL; } else { - cddb_data.cache_dir = malloc(strlen(home_dir) - + strlen(cddb_cache_dir) + 1); + unsigned len = strlen(home_dir) + strlen(cddb_cache_dir) + 1; + cddb_data.cache_dir = malloc(len); if (cddb_data.cache_dir == NULL) { mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_MemAllocFailed); return -1; } - sprintf(cddb_data.cache_dir, "%s%s", home_dir, cddb_cache_dir); + snprintf(cddb_data.cache_dir, len, "%s%s", home_dir, cddb_cache_dir); } // Check for a cached file