potentially exploitable buffer overflow with maliciously crafted cd toc

git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@12290 b3059339-0415-0410-9bf9-f77b7e298cf2
author: rfelker <rfelker@b3059339-0415-0410-9bf9-f77b7e298cf2> 2004-04-26 09:33:35 +0000
committer: rfelker <rfelker@b3059339-0415-0410-9bf9-f77b7e298cf2> 2004-04-26 09:33:35 +0000
commit: b04d1313a85844d056a33fb27509b877703978b6 (patch)
tree: 870145e8f3cea98b14b14b48b4c652cf01669d55
parent: d574a77cf33244d2cb9b0282956bb915835cd745 (diff)
download: mpv-b04d1313a85844d056a33fb27509b877703978b6.tar.bz2
mpv-b04d1313a85844d056a33fb27509b877703978b6.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/libmpdemux/cddb.c b/libmpdemux/cddb.c
index 5af6735dd2..0192277081 100644
--- a/libmpdemux/cddb.c
+++ b/libmpdemux/cddb.c
@@ -587,6 +587,7 @@ cddb_retrieve(cddb_data_t *cddb_data) {
 	ptr = offsets;
 	for( i=0; i<cddb_data->tracks ; i++ ) {
 		ptr += sprintf(ptr, "%d+", cdtoc[i].frame );
+		if (ptr-offsets > sizeof offsets - 40) break;
 	}
 	ptr[0]=0;
 	time_len = (cdtoc[cddb_data->tracks].frame)/75;
author	rfelker <rfelker@b3059339-0415-0410-9bf9-f77b7e298cf2>	2004-04-26 09:33:35 +0000
committer	rfelker <rfelker@b3059339-0415-0410-9bf9-f77b7e298cf2>	2004-04-26 09:33:35 +0000
commit	b04d1313a85844d056a33fb27509b877703978b6 (patch)
tree	870145e8f3cea98b14b14b48b4c652cf01669d55
parent	d574a77cf33244d2cb9b0282956bb915835cd745 (diff)
download	mpv-b04d1313a85844d056a33fb27509b877703978b6.tar.bz2 mpv-b04d1313a85844d056a33fb27509b877703978b6.tar.xz