Fix crash on some DVDs

sprintf(tmp,"%.02x",(char)0xef); would print "ffffffef" instead of "ef",
in this case this leads to local array buffer overflow and hard to trace stack corruption.
The quick, easy & durty solution is to use (unsigned char) or (uint8_t)
Fixes Bugzilla 860 & 845


git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@23728 b3059339-0415-0410-9bf9-f77b7e298cf2

1 files changed, 3 insertions, 2 deletions

diff --git a/libdvdcss/libdvdcss.c b/libdvdcss/libdvdcss.c
index dcc777de70..90795d2b36 100644
--- a/libdvdcss/libdvdcss.c
+++ b/libdvdcss/libdvdcss.c
@@ -404,7 +404,8 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
         uint8_t p_sector[DVDCSS_BLOCK_SIZE];
         char psz_debug[PATH_MAX + 30];
         char psz_key[1 + KEY_SIZE * 2 + 1];
-        char *psz_title, *psz_serial;
+        char *psz_title;
+        uint8_t *psz_serial;
         int i;
 
         /* We read sector 0. If it starts with 0x000001ba (BE), we are
@@ -462,7 +463,7 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
         }
 
         /* Get the date + serial */
-        psz_serial = (char *)p_sector + 813;
+        psz_serial = p_sector + 813;
         psz_serial[16] = '\0';
 
         /* Check that all characters are digits, otherwise convert. */