Mercurial > mplayer.hg
changeset 29594:331320b4557b
Limit amount of data allocated on stack, strlen(filename) is not a good idea for
file name strings that might come from arbitrary playlists, use PATH_MAX instead.
| author | reimar |
|---|---|
| date | Wed, 02 Sep 2009 19:49:10 +0000 |
| parents | 78bb10138aa4 |
| children | 9e014b68ecb9 |
| files | mplayer.c |
| diffstat | 1 files changed, 6 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mplayer.c Wed Sep 02 19:44:15 2009 +0000 +++ b/mplayer.c Wed Sep 02 19:49:10 2009 +0000 @@ -931,9 +931,13 @@ static void load_per_file_config (m_config_t* conf, const char *const file) { char *confpath; - char cfg[strlen(file)+10]; + char cfg[PATH_MAX]; char *name; + if (strlen(file) > PATH_MAX - 14) { + mp_msg(MSGT_CPLAYER, MSGL_WARN, "Filename is too long, can not load file or directory specific config files\n"); + return; + } sprintf (cfg, "%s.conf", file); name = strrchr(cfg, '/'); @@ -951,7 +955,7 @@ name++; if (use_filedir_conf) { - char dircfg[strlen(file)+14]; + char dircfg[PATH_MAX]; strcpy(dircfg, cfg); strcpy(dircfg + (name - cfg), "mplayer.conf"); try_load_config(conf, dircfg);