authorrtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>2008-01-20 20:58:02 +0000
committerrtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>2008-01-20 20:58:02 +0000
commit8c3a19d8a8ecb66ac94a5b483928f65f6614006d (patch)
tree86887478a509c78943970043914dbb413936f59e /stream
parent795973f7327c46a514e7416d6df1b85b8cce868c (diff)
Prevent possible buffer overflow on album_title[]
Based on a patch by Adam Bozanich abozanich musecurity com git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@25824 b3059339-0415-0410-9bf9-f77b7e298cf2
Diffstat (limited to 'stream')
-rw-r--r--stream/stream_cddb.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/stream/stream_cddb.c b/stream/stream_cddb.c
index f3c2410b8d..baabccac59 100644
--- a/stream/stream_cddb.c
+++ b/stream/stream_cddb.c
@@ -58,6 +58,7 @@
#include "version.h"
#include "stream.h"
#include "network.h"
+#include "libavutil/intreadwrite.h"
#define DEFAULT_FREEDB_SERVER "freedb.freedb.org"
#define DEFAULT_CACHE_DIR "/.cddb/"
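Review bot: FFMIN is, as far as I know, defined in libavutil/common.h, so the added `#include "libavutil/intreadwrite.h"` supplies it only through that header's own includes. Including the defining header directly, `#include "libavutil/common.h"`, would keep this file building if intreadwrite.h ever stops pulling it in. A short trailing comment such as `/* FFMIN */` would also tell the next reader why the include is here.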
@@ -503,8 +504,9 @@ cddb_parse_matches_list(HTTP_header_t *http_hdr, cddb_data_t *cddb_data) {
} else {
len = ptr2-ptr+1;
}
+ len = FFMIN(sizeof(album_title) - 1, len);
strncpy(album_title, ptr, len);
- album_title[len-2]='\0';
+ album_title[len]='\0';
}
mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
return 0;
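Review bot: Terminating at `album_title[len]` instead of the old `album_title[len-2]` keeps the last two bytes of the line in the title; given `len = ptr2-ptr+1` these look like the line terminator, so the string passed to mp_msg may now end in CR/LF whenever it was not truncated. The clamp also compares the `size_t` from `sizeof` with `len`; if `len` is a signed int (its declaration is outside the hunk), a negative value converts to a large unsigned one and is silently clamped to the full buffer size rather than rejected. Dropping the terminator before clamping would keep both the old output and the bound: `len = len > 2 ? len - 2 : 0;` followed by `len = FFMIN(sizeof(album_title) - 1, len);`. The same three lines are added to cddb_query_parse in the next hunk, and both function bodies start outside their hunks.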
@@ -540,8 +542,9 @@ cddb_query_parse(HTTP_header_t *http_hdr, cddb_data_t *cddb_data) {
} else {
len = ptr2-ptr+1;
}
+ len = FFMIN(sizeof(album_title) - 1, len);
strncpy(album_title, ptr, len);
- album_title[len-2]='\0';
+ album_title[len]='\0';
}
mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
return cddb_request_titles(cddb_data);