diff options
| author | diego <diego@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2004-06-25 16:49:53 +0000 |
|---|---|---|
| committer | diego <diego@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2004-06-25 16:49:53 +0000 |
| commit | 42b784ac1a0c71e7d494db68ff700101461f840f (patch) | |
| tree | 5f64d2b91ff78cbb9454456f0b9203faf1812d7e /libmpdemux/cue_read.c | |
| parent | 80f2b9c5a68d9899965fc30001807cd827ca4174 (diff) | |
| download | mpv-42b784ac1a0c71e7d494db68ff700101461f840f.tar.bz2 mpv-42b784ac1a0c71e7d494db68ff700101461f840f.tar.xz | |
string handling security fixes
patch by Nicholas Kain, Alexander Strasser <eclipse7@gmx.net>
reviewed by Pontscho, Alex, Rich
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@12647 b3059339-0415-0410-9bf9-f77b7e298cf2
Diffstat (limited to 'libmpdemux/cue_read.c')
| -rw-r--r-- | libmpdemux/cue_read.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/libmpdemux/cue_read.c b/libmpdemux/cue_read.c index ae43a789b2..11e4213b02 100644 --- a/libmpdemux/cue_read.c +++ b/libmpdemux/cue_read.c @@ -135,6 +135,10 @@ int cue_getTrackinfo(char *Line, tTrack *track) +/* FIXME: the string operations ( strcpy,strcat ) below depend + * on the arrays to have the same size, thus we need to make + * sure the sizes are in sync. + */ int cue_find_bin (char *firstline) { int i,j; char s[256]; @@ -178,7 +182,7 @@ int cue_find_bin (char *firstline) { bin_filename); /* now try to find it with the path of the cue file */ - sprintf(s,"%s/%s",bincue_path, bin_filename); + snprintf(s,sizeof( s ),"%s/%s",bincue_path,bin_filename); fd_bin = open (s, O_RDONLY); if (fd_bin == -1) { @@ -195,7 +199,7 @@ int cue_find_bin (char *firstline) { "[bincue] bin filename tested: %s\n", s); /* ok try it with path */ - sprintf(t,"%s/%s",bincue_path, s); + snprintf(t, sizeof( t ), "%s/%s", bincue_path, s); fd_bin = open (t, O_RDONLY); if (fd_bin == -1) { @@ -211,7 +215,7 @@ int cue_find_bin (char *firstline) { mp_msg(MSGT_OPEN,MSGL_STATUS, "[bincue] bin filename tested: %s \n", s); /* ok try it with path */ - sprintf(t,"%s/%s",bincue_path, s); + snprintf(t, sizeof( t ), "%s/%s", bincue_path, s); fd_bin = open (t, O_RDONLY); if (fd_bin == -1) { @@ -299,15 +303,16 @@ int cue_read_cue (char *in_cue_filename) strcpy(t, "/"); } printf ("dirname: %s\n", t); - strcpy(bincue_path,t); + strlcpy(bincue_path,t,sizeof( bincue_path )); /* no path at all? */ if (strcmp(bincue_path, ".") == 0) { printf ("bincue_path: %s\n", bincue_path); - strcpy(cue_filename,in_cue_filename); + strlcpy(cue_filename,in_cue_filename,sizeof( cue_filename )); } else { - strcpy(cue_filename,in_cue_filename + strlen(bincue_path) + 1); + strlcpy(cue_filename,in_cue_filename + strlen(bincue_path) + 1, + sizeof( cue_filename )); } |