diff options
author | rfelker <rfelker@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2004-04-26 09:33:35 +0000 |
---|---|---|
committer | rfelker <rfelker@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2004-04-26 09:33:35 +0000 |
commit | b04d1313a85844d056a33fb27509b877703978b6 (patch) | |
tree | 870145e8f3cea98b14b14b48b4c652cf01669d55 /libmpdemux/cddb.c | |
parent | d574a77cf33244d2cb9b0282956bb915835cd745 (diff) | |
download | mpv-b04d1313a85844d056a33fb27509b877703978b6.tar.bz2 mpv-b04d1313a85844d056a33fb27509b877703978b6.tar.xz |
potentially exploitable buffer overflow with maliciously crafted cd toc
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@12290 b3059339-0415-0410-9bf9-f77b7e298cf2
Diffstat (limited to 'libmpdemux/cddb.c')
-rw-r--r-- | libmpdemux/cddb.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libmpdemux/cddb.c b/libmpdemux/cddb.c index 5af6735dd2..0192277081 100644 --- a/libmpdemux/cddb.c +++ b/libmpdemux/cddb.c @@ -587,6 +587,7 @@ cddb_retrieve(cddb_data_t *cddb_data) { ptr = offsets; for( i=0; i<cddb_data->tracks ; i++ ) { ptr += sprintf(ptr, "%d+", cdtoc[i].frame ); + if (ptr-offsets > sizeof offsets - 40) break; } ptr[0]=0; time_len = (cdtoc[cddb_data->tracks].frame)/75; |