stream_cddb: replace sprintf with snprintf

Replace sprintf with snprintf. To my knowledge the only "real" issue this fixes is that setting certain environment variables to very long strings might have caused overflows. git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@35306 b3059339-0415-0410-9bf9-f77b7e298cf2
author: reimar <reimar@b3059339-0415-0410-9bf9-f77b7e298cf2> 2012-10-31 18:55:33 +0000
committer: wm4 <wm4@nowhere> 2012-10-31 22:44:05 +0100
commit: 7d5a6b9b02f41130eb26ff4f2d71aee1d0488ea3 (patch)
tree: a542c8cb712b86294c4a24da48109a3391b3f9c4 /stream
parent: a169aa6364ad857b174457a733ef9487a2d07188 (diff)
download: mpv-7d5a6b9b02f41130eb26ff4f2d71aee1d0488ea3.tar.bz2
mpv-7d5a6b9b02f41130eb26ff4f2d71aee1d0488ea3.tar.xz
1 files changed, 14 insertions, 12 deletions
diff --git a/stream/stream_cddb.c b/stream/stream_cddb.c
index 339f8a75f1..76fdaa95b8 100644
--- a/stream/stream_cddb.c
+++ b/stream/stream_cddb.c
@@ -106,7 +106,7 @@ static int read_toc(const char *dev)
     CDROM_TOC toc;
     char device[10];
 
-    sprintf(device, "\\\\.\\%s", dev);
+    snprintf(device, sizeof(device), "\\\\.\\%s", dev);
     drive = CreateFile(device, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, 0, 0);
 
@@ -305,7 +305,7 @@ static int cddb_http_request(char *command,
     if (reply_parser == NULL || command == NULL || cddb_data == NULL)
         return -1;
 
-    sprintf(request, "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d",
+    snprintf(request, sizeof(request), "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d",
             cddb_data->freedb_server, command, cddb_data->cddb_hello,
             cddb_data->freedb_proto_level);
     mp_msg(MSGT_OPEN, MSGL_INFO,"Request[%s]\n", request);
@@ -358,7 +358,7 @@ static int cddb_read_cache(cddb_data_t *cddb_data)
     if (cddb_data == NULL || cddb_data->cache_dir == NULL)
         return -1;
 
-    sprintf(file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
+    snprintf(file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
 
     file_fd = open(file_name, O_RDONLY | O_BINARY);
     if (file_fd < 0) {
@@ -419,7 +419,7 @@ static int cddb_write_cache(cddb_data_t *cddb_data)
         }
     }
 
-    sprintf(file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
+    snprintf(file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
 
     file_fd = creat(file_name, S_IRUSR | S_IWUSR);
     if (file_fd < 0) {
@@ -506,7 +506,7 @@ static int cddb_read_parse(HTTP_header_t *http_hdr, cddb_data_t *cddb_data)
 static int cddb_request_titles(cddb_data_t *cddb_data)
 {
     char command[1024];
-    sprintf(command, "cddb+read+%s+%08lx",
+    snprintf(command, sizeof(command), "cddb+read+%s+%08lx",
             cddb_data->category, cddb_data->disc_id);
     return cddb_http_request(command, cddb_read_parse, cddb_data);
 }
@@ -671,7 +671,8 @@ static void cddb_create_hello(cddb_data_t *cddb_data)
         }
         user_name = getenv("LOGNAME");
     }
-    sprintf(cddb_data->cddb_hello, "&hello=%s+%s+%s",
+    snprintf(cddb_data->cddb_hello, sizeof(cddb_data->cddb_hello),
+            "&hello=%s+%s+%s",
             user_name, host_name, mplayer_version);
 }
 
@@ -684,8 +685,9 @@ static int cddb_retrieve(cddb_data_t *cddb_data)
 
     ptr = offsets;
     for (i = 0; i < cddb_data->tracks ; i++) {
-        ptr += sprintf(ptr, "%d+", cdtoc[i].frame);
-        if (ptr-offsets > sizeof offsets - 40) break;
+        unsigned space = sizeof(offsets) - (ptr - offsets);
+        if (space < 40) break;
+        ptr += snprintf(ptr, space, "%d+", cdtoc[i].frame);
     }
     ptr[0] = 0;
     time_len = (cdtoc[cddb_data->tracks].frame)/75;
@@ -700,7 +702,7 @@ static int cddb_retrieve(cddb_data_t *cddb_data)
         return -1;
     }
 
-    sprintf(command, "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id,
+    snprintf(command, sizeof(command), "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id,
             cddb_data->tracks, offsets, time_len);
     ret = cddb_http_request(command, cddb_query_parse, cddb_data);
     if (ret < 0)
@@ -750,13 +752,13 @@ int cddb_resolve(const char *dev, char **xmcd_file)
     if (home_dir == NULL) {
         cddb_data.cache_dir = NULL;
     } else {
-        cddb_data.cache_dir = malloc(strlen(home_dir)
-                                     + strlen(cddb_cache_dir) + 1);
+        unsigned len = strlen(home_dir) + strlen(cddb_cache_dir) + 1;
+        cddb_data.cache_dir = malloc(len);
         if (cddb_data.cache_dir == NULL) {
             mp_tmsg(MSGT_DEMUX, MSGL_ERR, "Memory allocation failed.\n");
             return -1;
         }
-        sprintf(cddb_data.cache_dir, "%s%s", home_dir, cddb_cache_dir);
+        snprintf(cddb_data.cache_dir, len, "%s%s", home_dir, cddb_cache_dir);
     }
 
     // Check for a cached file
author	reimar <reimar@b3059339-0415-0410-9bf9-f77b7e298cf2>	2012-10-31 18:55:33 +0000
committer	wm4 <wm4@nowhere>	2012-10-31 22:44:05 +0100
commit	7d5a6b9b02f41130eb26ff4f2d71aee1d0488ea3 (patch)
tree	a542c8cb712b86294c4a24da48109a3391b3f9c4 /stream
parent	a169aa6364ad857b174457a733ef9487a2d07188 (diff)
download	mpv-7d5a6b9b02f41130eb26ff4f2d71aee1d0488ea3.tar.bz2 mpv-7d5a6b9b02f41130eb26ff4f2d71aee1d0488ea3.tar.xz