Mercurial > mplayer.hg
changeset 12646:9a495bdc3a1e
string handling security fixes
patch by Nicholas Kain, Alexander Strasser <eclipse7@gmx.net>
reviewed by Pontscho, Alex, Rich
author | diego |
---|---|
date | Fri, 25 Jun 2004 16:49:53 +0000 |
parents | 3841ef14a481 |
children | b910efb11192 |
files | Gui/interface.c Gui/mplayer/common.c Gui/skin/font.c Gui/skin/skin.c configure libmenu/menu_console.c libmpdemux/cue_read.c libvo/vo_dxr3.c osdep/Makefile osdep/strl.c playtree.c subreader.c vidix/vidixlib.c |
diffstat | 13 files changed, 214 insertions(+), 84 deletions(-) [+] |
line wrap: on
line diff
--- a/Gui/interface.c Fri Jun 25 16:43:34 2004 +0000 +++ b/Gui/interface.c Fri Jun 25 16:49:53 2004 +0000 @@ -54,8 +54,12 @@ if ( *dest ) { tmp=malloc( strlen( *dest ) + strlen( src ) + 1 ); - strcpy( tmp,*dest ); strcat( tmp,src ); free( *dest ); - } + + if ( tmp ) /* TODO: advanced error handling */ + { + strcpy( tmp,*dest ); strcat( tmp,src ); free( *dest ); + } + } else { tmp=malloc( strlen( src ) + 1 ); strcpy( tmp,src ); } *dest=tmp;
--- a/Gui/mplayer/common.c Fri Jun 25 16:43:34 2004 +0000 +++ b/Gui/mplayer/common.c Fri Jun 25 16:49:53 2004 +0000 @@ -32,35 +32,39 @@ extern unsigned int GetTimerMS( void ); -inline void TranslateFilename( int c,char * tmp ) +inline void TranslateFilename( int c,char * tmp,size_t tmplen ) { int i; + char * p; + switch ( guiIntfStruct.StreamType ) { case STREAMTYPE_STREAM: - strcpy( tmp,guiIntfStruct.Filename ); + strlcpy(tmp, guiIntfStruct.Filename, tmplen); break; case STREAMTYPE_FILE: if ( ( guiIntfStruct.Filename )&&( guiIntfStruct.Filename[0] ) ) { - if ( strrchr( guiIntfStruct.Filename,'/' ) ) strncpy( tmp,strrchr( guiIntfStruct.Filename,'/' ) + 1, 511 ); - else strncpy( tmp,guiIntfStruct.Filename , 511); + if ( p = strrchr(guiIntfStruct.Filename, '/') ) + strlcpy(tmp, p + 1, tmplen); + else + strlcpy(tmp, guiIntfStruct.Filename, tmplen); if ( tmp[strlen( tmp ) - 4] == '.' ) tmp[strlen( tmp ) - 4]=0; if ( tmp[strlen( tmp ) - 5] == '.' ) tmp[strlen( tmp ) - 5]=0; - } else strcpy( tmp,MSGTR_NoFileLoaded ); + } else strlcpy( tmp,MSGTR_NoFileLoaded,tmplen ); break; #ifdef USE_DVDREAD case STREAMTYPE_DVD: - if ( guiIntfStruct.DVD.current_chapter ) sprintf( tmp,MSGTR_Chapter,guiIntfStruct.DVD.current_chapter ); - else strcat( tmp,MSGTR_NoChapter ); + if ( guiIntfStruct.DVD.current_chapter ) snprintf(tmp,tmplen,MSGTR_Chapter,guiIntfStruct.DVD.current_chapter ); + else strlcat( tmp,MSGTR_NoChapter,tmplen ); break; #endif #ifdef HAVE_VCD case STREAMTYPE_VCD: - sprintf( tmp,MSGTR_VCDTrack,guiIntfStruct.Track ); + snprintf( tmp,tmplen,MSGTR_VCDTrack,guiIntfStruct.Track ); break; #endif - default: strcpy( tmp,MSGTR_NoMediaOpened ); + default: strlcpy( tmp,MSGTR_NoMediaOpened,tmplen ); } if ( c ) { @@ -74,75 +78,94 @@ } } +/* Unsafe! Pass only null-terminated strings as (char *)str. */ char * Translate( char * str ) { static char trbuf[512]; char tmp[512]; int i,c; int t; + int strsize = 0; memset( trbuf,0,512 ); memset( tmp,0,128 ); - for ( c=0,i=0;i < (int)strlen( str );i++ ) + strsize = strlen(str); + for ( c=0,i=0;i < strsize;i++ ) { if ( str[i] != '$' ) { trbuf[c++]=str[i]; trbuf[c]=0; } else { switch ( str[++i] ) { - case 't': sprintf( tmp,"%02d",guiIntfStruct.Track ); strcat( trbuf,tmp ); break; - case 'o': TranslateFilename( 0,tmp ); strcat( trbuf,tmp ); break; - case 'f': TranslateFilename( 1,tmp ); strcat( trbuf,tmp ); break; - case 'F': TranslateFilename( 2,tmp ); strcat( trbuf,tmp ); break; + case 't': snprintf( tmp,sizeof( tmp ),"%02d",guiIntfStruct.Track ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'o': TranslateFilename( 0,tmp,sizeof( tmp ) ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'f': TranslateFilename( 1,tmp,sizeof( tmp ) ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'F': TranslateFilename( 2,tmp,sizeof( tmp ) ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; case '6': t=guiIntfStruct.LengthInSec; goto calclengthhhmmss; case '1': t=guiIntfStruct.TimeSec; calclengthhhmmss: - sprintf( tmp,"%02d:%02d:%02d",t/3600,t/60%60,t%60 ); strcat( trbuf,tmp ); + snprintf( tmp,sizeof( tmp ),"%02d:%02d:%02d",t/3600,t/60%60,t%60 ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; case '7': t=guiIntfStruct.LengthInSec; goto calclengthmmmmss; case '2': t=guiIntfStruct.TimeSec; calclengthmmmmss: - sprintf( tmp,"%04d:%02d",t/60,t%60 ); strcat( trbuf,tmp ); + snprintf( tmp,sizeof( tmp ),"%04d:%02d",t/60,t%60 ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; - case '3': sprintf( tmp,"%02d",guiIntfStruct.TimeSec / 3600 ); strcat( trbuf,tmp ); break; - case '4': sprintf( tmp,"%02d",( ( guiIntfStruct.TimeSec / 60 ) % 60 ) ); strcat( trbuf,tmp ); break; - case '5': sprintf( tmp,"%02d",guiIntfStruct.TimeSec % 60 ); strcat( trbuf,tmp ); break; - case '8': sprintf( tmp,"%01d:%02d:%02d",guiIntfStruct.TimeSec / 3600,( guiIntfStruct.TimeSec / 60 ) % 60,guiIntfStruct.TimeSec % 60 ); strcat( trbuf,tmp ); break; - case 'v': sprintf( tmp,"%3.2f%%",guiIntfStruct.Volume ); strcat( trbuf,tmp ); break; - case 'V': sprintf( tmp,"%3.1f",guiIntfStruct.Volume ); strcat( trbuf,tmp ); break; - case 'b': sprintf( tmp,"%3.2f%%",guiIntfStruct.Balance ); strcat( trbuf,tmp ); break; - case 'B': sprintf( tmp,"%3.1f",guiIntfStruct.Balance ); strcat( trbuf,tmp ); break; - case 'd': sprintf( tmp,"%d",guiIntfStruct.FrameDrop ); strcat( trbuf,tmp ); break; - case 'x': sprintf( tmp,"%d",guiIntfStruct.MovieWidth ); strcat( trbuf,tmp ); break; - case 'y': sprintf( tmp,"%d",guiIntfStruct.MovieHeight ); strcat( trbuf,tmp ); break; - case 'C': sprintf( tmp,"%s", guiIntfStruct.sh_video? ((sh_video_t *)guiIntfStruct.sh_video)->codec->name : ""); - strcat( trbuf,tmp ); break; - case 's': if ( guiIntfStruct.Playing == 0 ) strcat( trbuf,"s" ); break; - case 'l': if ( guiIntfStruct.Playing == 1 ) strcat( trbuf,"p" ); break; - case 'e': if ( guiIntfStruct.Playing == 2 ) strcat( trbuf,"e" ); break; + case '3': snprintf( tmp,sizeof( tmp ),"%02d",guiIntfStruct.TimeSec / 3600 ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case '4': snprintf( tmp,sizeof( tmp ),"%02d",( ( guiIntfStruct.TimeSec / 60 ) % 60 ) ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case '5': snprintf( tmp,sizeof( tmp ),"%02d",guiIntfStruct.TimeSec % 60 ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case '8': snprintf( tmp,sizeof( tmp ),"%01d:%02d:%02d",guiIntfStruct.TimeSec / 3600,( guiIntfStruct.TimeSec / 60 ) % 60,guiIntfStruct.TimeSec % 60 ); strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'v': snprintf( tmp,sizeof( tmp ),"%3.2f%%",guiIntfStruct.Volume ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'V': snprintf( tmp,sizeof( tmp ),"%3.1f",guiIntfStruct.Volume ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'b': snprintf( tmp,sizeof( tmp ),"%3.2f%%",guiIntfStruct.Balance ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'B': snprintf( tmp,sizeof( tmp ),"%3.1f",guiIntfStruct.Balance ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'd': snprintf( tmp,sizeof( tmp ),"%d",guiIntfStruct.FrameDrop ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'x': snprintf( tmp,sizeof( tmp ),"%d",guiIntfStruct.MovieWidth ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'y': snprintf( tmp,sizeof( tmp ),"%d",guiIntfStruct.MovieHeight ); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 'C': snprintf( tmp,sizeof( tmp ),"%s", guiIntfStruct.sh_video? ((sh_video_t *)guiIntfStruct.sh_video)->codec->name : ""); + strlcat( trbuf,tmp,sizeof( trbuf ) ); break; + case 's': if ( guiIntfStruct.Playing == 0 ) strlcat( trbuf,"s",sizeof( trbuf ) ); break; + case 'l': if ( guiIntfStruct.Playing == 1 ) strlcat( trbuf,"p",sizeof( trbuf ) ); break; + case 'e': if ( guiIntfStruct.Playing == 2 ) strlcat( trbuf,"e",sizeof( trbuf ) ); break; case 'a': - if ( muted ) { strcat( trbuf,"n" ); break; } + if ( muted ) { strlcat( trbuf,"n",sizeof( trbuf ) ); break; } switch ( guiIntfStruct.AudioType ) { - case 0: strcat( trbuf,"n" ); break; - case 1: strcat( trbuf,"m" ); break; - case 2: strcat( trbuf,"t" ); break; + case 0: strlcat( trbuf,"n",sizeof( trbuf ) ); break; + case 1: strlcat( trbuf,"m",sizeof( trbuf ) ); break; + case 2: strlcat( trbuf,"t",sizeof( trbuf ) ); break; } break; case 'T': switch ( guiIntfStruct.StreamType ) { - case STREAMTYPE_FILE: strcat( trbuf,"f" ); break; + case STREAMTYPE_FILE: strlcat( trbuf,"f",sizeof( trbuf ) ); break; #ifdef HAVE_VCD - case STREAMTYPE_VCD: strcat( trbuf,"v" ); break; + case STREAMTYPE_VCD: strlcat( trbuf,"v",sizeof( trbuf ) ); break; #endif - case STREAMTYPE_STREAM: strcat( trbuf,"u" ); break; + case STREAMTYPE_STREAM: strlcat( trbuf,"u",sizeof( trbuf ) ); break; #ifdef USE_DVDREAD - case STREAMTYPE_DVD: strcat( trbuf,"d" ); break; + case STREAMTYPE_DVD: strlcat( trbuf,"d",sizeof( trbuf ) ); break; #endif - default: strcat( trbuf," " ); break; + default: strlcat( trbuf," ",sizeof( trbuf ) ); break; } break; - case '$': strcat( trbuf,"$" ); break; + case '$': strlcat( trbuf,"$",sizeof( trbuf ) ); break; default: continue; } c=strlen( trbuf );
--- a/Gui/skin/font.c Fri Jun 25 16:43:34 2004 +0000 +++ b/Gui/skin/font.c Fri Jun 25 16:49:53 2004 +0000 @@ -27,7 +27,7 @@ if ( ( Fonts[id]=calloc( 1,sizeof( bmpFont ) ) ) == NULL ) return -1; - strcpy( Fonts[id]->name,name ); + strlcpy( Fonts[id]->name,name,128 ); // FIXME: as defined in font.h for ( i=0;i<256;i++ ) Fonts[id]->Fnt[i].x=Fonts[id]->Fnt[i].y=Fonts[id]->Fnt[i].sx=Fonts[id]->Fnt[i].sy=-1; @@ -60,7 +60,8 @@ if ( id < 0 ) return id; - strcpy( tmp,path ); strcat( tmp,fname ); strcat( tmp,".fnt" ); + strlcpy( tmp,path,sizeof( tmp ) ); + strlcat( tmp,fname,sizeof( tmp ) ); strlcat( tmp,".fnt",sizeof( tmp ) ); if ( ( f=fopen( tmp,"rt" ) ) == NULL ) { free( Fonts[id] ); return -3; } @@ -93,7 +94,7 @@ { if ( !strcmp( command,"image" ) ) { - strcpy( tmp,path ); strcat( tmp,param ); + strlcpy( tmp,path,sizeof( tmp ) ); strlcat( tmp,param,sizeof( tmp ) ); mp_dbg( MSGT_GPLAYER,MSGL_DBG2,"[font] font imagefile: %s\n",tmp ); if ( skinBPRead( tmp,&Fonts[id]->Bitmap ) ) return -4; }
--- a/Gui/skin/skin.c Fri Jun 25 16:43:34 2004 +0000 +++ b/Gui/skin/skin.c Fri Jun 25 16:49:53 2004 +0000 @@ -116,7 +116,7 @@ { CHECKDEFLIST( "window" ); - strcpy( window_name,strlower( in ) ); + strlcpy( window_name,strlower( in ),sizeof( window_name ) ); if ( !strncmp( in,"main",4 ) ) { currSection=&skinAppMPlayer->main; currSubItem=&skinAppMPlayer->NumberOfItems; currSubItems=skinAppMPlayer->Items; } else if ( !strncmp( in,"sub",3 ) ) currSection=&skinAppMPlayer->sub; else if ( !strncmp( in,"playbar",7 ) ) { currSection=&skinAppMPlayer->bar; currSubItem=&skinAppMPlayer->NumberOfBarItems; currSubItems=skinAppMPlayer->barItems; } @@ -147,7 +147,7 @@ defList->main.x=x; defList->main.y=y; defList->main.type=itBase; - strcpy( tmp,path ); strcat( tmp,fname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, fname, sizeof( tmp )); if ( skinBPRead( tmp,&defList->main.Bitmap ) ) return 1; defList->main.width=defList->main.Bitmap.Width; defList->main.height=defList->main.Bitmap.Height; @@ -162,7 +162,7 @@ if ( !strcmp( window_name,"sub" ) ) { defList->sub.type=itBase; - strcpy( tmp,path ); strcat( tmp,fname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, fname, sizeof( tmp )); if ( skinBPRead( tmp,&defList->sub.Bitmap ) ) return 1; defList->sub.x=x; defList->sub.y=y; @@ -179,7 +179,7 @@ { defList->menuIsPresent=1; defList->menuBase.type=itBase; - strcpy( tmp,path ); strcat( tmp,fname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, fname, sizeof( tmp )); if ( skinBPRead( tmp,&defList->menuBase.Bitmap ) ) return 1; defList->menuBase.width=defList->menuBase.Bitmap.Width; defList->menuBase.height=defList->menuBase.Bitmap.Height; @@ -197,7 +197,7 @@ defList->bar.x=x; defList->bar.y=y; defList->bar.type=itBase; - strcpy( tmp,path ); strcat( tmp,fname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, fname, sizeof( tmp )); if ( skinBPRead( tmp,&defList->bar.Bitmap ) ) return 1; defList->bar.width=defList->bar.Bitmap.Width; defList->bar.height=defList->bar.Bitmap.Height; @@ -268,7 +268,7 @@ currSubItems[ *currSubItem ].Bitmap.Image=NULL; if ( strcmp( fname,"NULL" ) ) { - strcpy( tmp,path ); strcat( tmp,fname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, fname, sizeof( tmp )); if ( skinBPRead( tmp,&currSubItems[ *currSubItem ].Bitmap ) ) return 1; } @@ -289,7 +289,7 @@ cutItem( in,fname,',',0 ); defList->menuSelected.type=itBase; - strcpy( tmp,path ); strcat( tmp,fname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, fname, sizeof( tmp )); mp_dbg( MSGT_GPLAYER,MSGL_DBG2,"\n[skin] selected: %s\n",fname ); if ( skinBPRead( tmp,&defList->menuSelected.Bitmap ) ) return 1; defList->menuSelected.width=defList->menuSelected.Bitmap.Width; @@ -381,14 +381,14 @@ item->Bitmap.Image=NULL; if ( strcmp( phfname,"NULL" ) ) { - strcpy( tmp,path ); strcat( tmp,phfname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, phfname, sizeof( tmp )); if ( skinBPRead( tmp,&item->Bitmap ) ) return 1; } item->Mask.Image=NULL; if ( strcmp( pfname,"NULL" ) ) { - strcpy( tmp,path ); strcat( tmp,pfname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, pfname, sizeof( tmp )); if ( skinBPRead( tmp,&item->Mask ) ) return 1; } return 0; @@ -445,7 +445,7 @@ item->Bitmap.Image=NULL; if ( strcmp( phfname,"NULL" ) ) { - strcpy( tmp,path ); strcat( tmp,phfname ); + strlcpy(tmp, path, sizeof( tmp )); strlcat(tmp, phfname, sizeof( tmp )); if ( skinBPRead( tmp,&item->Bitmap ) ) return 1; } return 0; @@ -655,7 +655,12 @@ FILE * skinFile; void setname( char * item1, char * item2 ) -{ strcpy( fn,item1 ); strcat( fn,"/" ); strcat( fn,item2 ); strcpy( path,fn ); strcat( path,"/" ); strcat( fn,"/skin" ); } +{ + strlcpy(fn, item1, sizeof( fn )); + strlcat(fn, "/", sizeof( fn )); strlcat(fn, item2, sizeof( fn )); + strlcpy(path, fn, sizeof( path )); strlcat(path, "/", sizeof( path )); + strlcat(fn, "/skin", sizeof( fn )); +} int skinRead( char * dname ) {
--- a/configure Fri Jun 25 16:43:34 2004 +0000 +++ b/configure Fri Jun 25 16:49:53 2004 +0000 @@ -2712,6 +2712,34 @@ fi echores "$_strsep" +echocheck "strlcpy()" +cat > $TMPC << EOF +#include <string.h> +int main (void) { char *s = "Hello, world!", t[20]; (void) strlcpy(t, s, sizeof( t )); return 0; } +EOF +_strlcpy=no +cc_check && _strlcpy=yes +if test "$_strlcpy" = yes ; then + _def_strlcpy='#define HAVE_STRLCPY 1' +else + _def_strlcpy='#undef HAVE_STRLCPY' +fi +echores "$_strlcpy" + +echocheck "strlcat()" +cat > $TMPC << EOF +#include <string.h> +int main (void) { char *s = "Hello, world!", t[20]; (void) strlcat(t, s, sizeof( t )); return 0; } +EOF +_strlcat=no +cc_check && _strlcat=yes +if test "$_strlcat" = yes ; then + _def_strlcat='#define HAVE_STRLCAT 1' +else + _def_strlcat='#undef HAVE_STRLCAT' +fi +echores "$_strlcat" + echocheck "fseeko()" cat > $TMPC << EOF #include <stdio.h> @@ -6336,6 +6364,18 @@ /* Define this if your system has strsep */ $_def_strsep +/* Define this if your system has strlcpy */ +$_def_strlcpy +#ifndef HAVE_STRLCPY +unsigned int strlcpy (char *dest, char *src, unsigned int size); +#endif + +/* Define this if your system has strlcat */ +$_def_strlcat +#ifndef HAVE_STRLCAT +unsigned int strlcat (char *dest, char *src, unsigned int size); +#endif + /* Define this if your system has fseeko */ $_def_fseeko #ifndef HAVE_FSEEKO
--- a/libmenu/menu_console.c Fri Jun 25 16:43:34 2004 +0000 +++ b/libmenu/menu_console.c Fri Jun 25 16:49:53 2004 +0000 @@ -150,8 +150,10 @@ return; } priv->lines[ll] = realloc(priv->lines[ll],strlen(priv->lines[ll]) + strlen(l) + 1); - strcat(priv->lines[ll],l); - + if ( priv->lines[ll] != NULL ) + { + strcat(priv->lines[ll],l); + } } static void draw(menu_t* menu, mp_image_t* mpi) {
--- a/libmpdemux/cue_read.c Fri Jun 25 16:43:34 2004 +0000 +++ b/libmpdemux/cue_read.c Fri Jun 25 16:49:53 2004 +0000 @@ -135,6 +135,10 @@ +/* FIXME: the string operations ( strcpy,strcat ) below depend + * on the arrays to have the same size, thus we need to make + * sure the sizes are in sync. + */ int cue_find_bin (char *firstline) { int i,j; char s[256]; @@ -178,7 +182,7 @@ bin_filename); /* now try to find it with the path of the cue file */ - sprintf(s,"%s/%s",bincue_path, bin_filename); + snprintf(s,sizeof( s ),"%s/%s",bincue_path,bin_filename); fd_bin = open (s, O_RDONLY); if (fd_bin == -1) { @@ -195,7 +199,7 @@ "[bincue] bin filename tested: %s\n", s); /* ok try it with path */ - sprintf(t,"%s/%s",bincue_path, s); + snprintf(t, sizeof( t ), "%s/%s", bincue_path, s); fd_bin = open (t, O_RDONLY); if (fd_bin == -1) { @@ -211,7 +215,7 @@ mp_msg(MSGT_OPEN,MSGL_STATUS, "[bincue] bin filename tested: %s \n", s); /* ok try it with path */ - sprintf(t,"%s/%s",bincue_path, s); + snprintf(t, sizeof( t ), "%s/%s", bincue_path, s); fd_bin = open (t, O_RDONLY); if (fd_bin == -1) { @@ -299,15 +303,16 @@ strcpy(t, "/"); } printf ("dirname: %s\n", t); - strcpy(bincue_path,t); + strlcpy(bincue_path,t,sizeof( bincue_path )); /* no path at all? */ if (strcmp(bincue_path, ".") == 0) { printf ("bincue_path: %s\n", bincue_path); - strcpy(cue_filename,in_cue_filename); + strlcpy(cue_filename,in_cue_filename,sizeof( cue_filename )); } else { - strcpy(cue_filename,in_cue_filename + strlen(bincue_path) + 1); + strlcpy(cue_filename,in_cue_filename + strlen(bincue_path) + 1, + sizeof( cue_filename )); }
--- a/libvo/vo_dxr3.c Fri Jun 25 16:43:34 2004 +0000 +++ b/libvo/vo_dxr3.c Fri Jun 25 16:49:53 2004 +0000 @@ -175,12 +175,14 @@ int dxr3_device_num = 0; int dxr3_norm = 0; +#define MAX_STR_SIZE 80 /* length for the static strings */ + /* File descriptors */ static int fd_control = -1; static int fd_video = -1; static int fd_spu = -1; -static char fdv_name[80]; -static char fds_name[80]; +static char fdv_name[MAX_STR_SIZE]; +static char fds_name[MAX_STR_SIZE]; #ifdef SPU_SUPPORT /* on screen display/subpics */ @@ -865,7 +867,7 @@ static uint32_t preinit(const char *arg) { - char devname[80]; + char devname[MAX_STR_SIZE]; int fdflags = O_WRONLY; /* Parse commandline */ @@ -1136,13 +1138,13 @@ int j; if(!p) { - strcpy(fname,getenv("HOME")); - strcat(fname,"/.overlay"); + strlcpy(fname, getenv("HOME"), sizeof( fname )); + strlcat(fname,"/.overlay", sizeof( fname )); } else - strcpy(fname,p); + strlcpy(fname, p, sizeof( fname )); sprintf(tmp,"/res_%dx%dx%d",o->xres,o->yres,o->depth); - strcat(fname,tmp); + strlcat(fname, tmp, sizeof( fname )); if(!(fp=fopen(fname,"r"))) return -1; @@ -1199,10 +1201,10 @@ int i,j; if(!p) { - strcpy(fname,getenv("HOME")); - strcat(fname,"/.overlay"); + strlcpy(fname, getenv("HOME"), sizeof( fname )); + strlcat(fname,"/.overlay", sizeof( fname )); } else - strcpy(fname,p); + strlcpy(fname, p, sizeof( fname )); if(access(fname, W_OK|X_OK|R_OK)) { if(mkdir(fname,0766)) @@ -1210,7 +1212,7 @@ } sprintf(tmp,"/res_%dx%dx%d",o->xres,o->yres,o->depth); - strcat(fname,tmp); + strlcat(fname, tmp, sizeof( fname )); if(!(fp=fopen(fname,"w"))) return -1;
--- a/osdep/Makefile Fri Jun 25 16:43:34 2004 +0000 +++ b/osdep/Makefile Fri Jun 25 16:49:53 2004 +0000 @@ -3,7 +3,8 @@ LIBNAME = libosdep.a -SRCS= shmem.c strsep.c vsscanf.c scandir.c gettimeofday.c fseeko.c # timer.c +SRCS= shmem.c strsep.c strl.c vsscanf.c scandir.c gettimeofday.c fseeko.c \ + # timer.c ifeq ($(TARGET_ARCH_X86),yes) ifeq ($(TARGET_OS),Linux)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/osdep/strl.c Fri Jun 25 16:49:53 2004 +0000 @@ -0,0 +1,47 @@ +/* strl(cat|cpy) implementation for systems that do not have it in libc */ +/* strl.c - strlcpy/strlcat implementation + * Time-stamp: <2004-03-14 njk> + * (C) 2003-2004 Nicholas J. Kain <njk@aerifal.cx> + */ + +#include "../config.h" + +#ifndef HAVE_STRLCPY +unsigned int strlcpy (char *dest, char *src, unsigned int size) +{ + register unsigned int i; + + for (i=0; size > 0 && src[i] != '\0'; ++i, size--) + dest[i] = src[i]; + + dest[i] = '\0'; + + return i; +} +#endif + +#ifndef HAVE_STRLCAT +unsigned int strlcat (char *dest, char *src, unsigned int size) +{ +#if 0 + register unsigned int i, j; + + for(i=0; size > 0 && dest[i] != '\0'; size--, i++); + for(j=0; size > 0 && src[j] != '\0'; size--, i++, j++) + dest[i] = src[j]; + + dest[i] = '\0'; + return i; +#else + register char *d = dest, *s = src; + + for (; size > 0 && *d != '\0'; size--, d++); + for (; size > 0 && *s != '\0'; size--, d++, s++) + *d = *s; + + *d = '\0'; + return (d - dest) + (s - src); +#endif +} +#endif +
--- a/playtree.c Fri Jun 25 16:43:34 2004 +0000 +++ b/playtree.c Fri Jun 25 16:49:53 2004 +0000 @@ -936,7 +936,7 @@ void pt_add_gui_file(play_tree_t** ppt, char* path, char* file) { - char* wholename = malloc(strlen(path)+strlen(file)+3); + char* wholename = malloc(strlen(path)+strlen(file)+2); if (wholename) {
--- a/subreader.c Fri Jun 25 16:43:34 2004 +0000 +++ b/subreader.c Fri Jun 25 16:49:53 2004 +0000 @@ -1133,7 +1133,7 @@ while (l){ char *ip = icbuffer; char *op = sub->text[--l]; - strcpy(ip, op); + strlcpy(ip, op, ICBUFFSIZE); ileft = strlen(ip); oleft = ICBUFFSIZE - 1;
--- a/vidix/vidixlib.c Fri Jun 25 16:43:34 2004 +0000 +++ b/vidix/vidixlib.c Fri Jun 25 16:49:53 2004 +0000 @@ -122,8 +122,8 @@ unsigned (*_ver)(void); int (*_probe)(int,int); int (*_cap)(vidix_capability_t*); - strcpy(drv_name,path); - strcat(drv_name,name); + strlcpy(drv_name,path, sizeof( drv_name )); + strlcat(drv_name,name, sizeof( drv_name )); if(verbose) printf("vidixlib: PROBING: %s\n",drv_name); if(!(t_vdl(stream)->handle = dlopen(drv_name,RTLD_LAZY|RTLD_GLOBAL))) { @@ -194,8 +194,8 @@ unsigned (*ver)(void); int (*probe)(int,int); unsigned version = 0; - strcpy(drv_name,path); - strcat(drv_name,name); + strlcpy(drv_name,path, sizeof( drv_name )); + strlcat(drv_name,name, sizeof( drv_name )); if(!(t_vdl(stream)->handle = dlopen(drv_name,RTLD_NOW|RTLD_GLOBAL))) { if (verbose)