From fd11b253b9d1e6dea4c7d5e818d35ad291e7545e Mon Sep 17 00:00:00 2001
From: iive
Date: Fri, 6 Jul 2007 23:22:51 +0000
Subject: Fix crash on some DVDs sprintf(tmp,"%.02x",(char)0xef); would print "ffffffef" instead of "ef", in this case this leads to local array buffer overflow and hard to trace stack corruption. The quick, easy & durty solution is to use (unsigned char) or (uint8_t) Fixes Bugzilla 860 & 845
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@23728 b3059339-0415-0410-9bf9-f77b7e298cf2
---
 libdvdcss/libdvdcss.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'libdvdcss')
diff --git a/libdvdcss/libdvdcss.c b/libdvdcss/libdvdcss.c
index dcc777de70..90795d2b36 100644
--- a/libdvdcss/libdvdcss.c
+++ b/libdvdcss/libdvdcss.c
@@ -404,7 +404,8 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
 uint8_t p_sector[DVDCSS_BLOCK_SIZE];
 char psz_debug[PATH_MAX + 30];
 char psz_key[1 + KEY_SIZE * 2 + 1];
- char *psz_title, *psz_serial;
+ char *psz_title;
+ uint8_t *psz_serial;
 int i;
 /* We read sector 0. If it starts with 0x000001ba (BE), we are
@@ -462,7 +463,7 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
 }
 /* Get the date + serial */
- psz_serial = (char *)p_sector + 813;
+ psz_serial = p_sector + 813;
 psz_serial[16] = '\0';
 /* Check that all characters are digits, otherwise convert. */
-- 
cgit v1.2.3
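Review bot: The unsigned element type of `psz_serial` in the first hunk is now the only thing keeping the hex conversion inside its buffer, yet nothing at the declaration says so. The `psz_` prefix still reads as an ordinary `char *` string, so a later cleanup could restore the old type. I would add a comment at the declaration such as `/* uint8_t, not char: bytes >= 0x80 formatted with %.02x must not sign-extend */`. The `sprintf` call quoted in the commit message lies outside both hunks, so this part is inferred, but it presumably still writes without a size limit. Bounding it there with `snprintf` and the destination size would make the fix independent of the pointer type. The second hunk only drops the matching cast, and `dvdcss_open` begins and ends outside the hunks.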