Mercurial > mplayer.hg

changeset 25796:b771a94d94a7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Prevent possible buffer overflow on album_title[] Based on a patch by Adam Bozanich abozanich musecurity com
author rtogni
date Sun, 20 Jan 2008 20:58:02 +0000
parents e96b4070ba66
children 89f34e147606
files stream/stream_cddb.c
diffstat 1 files changed, 5 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/stream/stream_cddb.c	Sun Jan 20 20:43:46 2008 +0000
+++ b/stream/stream_cddb.c	Sun Jan 20 20:58:02 2008 +0000
@@ -58,6 +58,7 @@
 #include "version.h"
 #include "stream.h"
 #include "network.h"
+#include "libavutil/intreadwrite.h"
 
 #define DEFAULT_FREEDB_SERVER	"freedb.freedb.org"
 #define DEFAULT_CACHE_DIR	"/.cddb/"
@@ -503,8 +504,9 @@
 		} else {
 			len = ptr2-ptr+1;
 		}
+		len = FFMIN(sizeof(album_title) - 1, len);
 		strncpy(album_title, ptr, len);
-		album_title[len-2]='\0';
+		album_title[len]='\0';
 	}
 	mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
 	return 0;
@@ -540,8 +542,9 @@
 				} else {
 					len = ptr2-ptr+1;
 				}
+				len = FFMIN(sizeof(album_title) - 1, len);
 				strncpy(album_title, ptr, len);
-				album_title[len-2]='\0';
+				album_title[len]='\0';
 			}
 			mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
 			return cddb_request_titles(cddb_data);