From 68839e4e77fb169141b0d516ad41ab35892c3ef6 Mon Sep 17 00:00:00 2001 From: schnusch Date: Sat, 15 Oct 2016 09:20:29 +0200 Subject: stream_bluray: check title index/playlist range Blu-ray title index/playlist must be in the range 0-99999, otherwise an error will be returned --- stream/stream_bluray.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'stream/stream_bluray.c') diff --git a/stream/stream_bluray.c b/stream/stream_bluray.c index 69f920ed73..26a78e5f21 100644 --- a/stream/stream_bluray.c +++ b/stream/stream_bluray.c @@ -480,14 +480,28 @@ static int bluray_stream_open(stream_t *s) b->cfg_title = BLURAY_MENU_TITLE; } else if (bstr_equals0(title, "mpls")) { bstr_split_tok(bdevice, "/", &title, &bdevice); - b->cfg_playlist = bstrtoll(title, &rest, 10); + long long pl = bstrtoll(title, &rest, 10); + if (rest.len) { + MP_ERR(s, "number expected: '%.*s'\n", BSTR_P(rest)); + return STREAM_ERROR; + } else if (pl < 0 || 99999 < pl) { + MP_ERR(s, "invalid playlist: '%.*s', must be in the range 0-99999\n", + BSTR_P(title)); + return STREAM_ERROR; + } + b->cfg_playlist = pl; b->cfg_title = BLURAY_PLAYLIST_TITLE; } else if (title.len) { - b->cfg_title = bstrtoll(title, &rest, 10); - } - if (rest.len) { - MP_ERR(s, "number expected: '%.*s'\n", BSTR_P(rest)); - return STREAM_ERROR; + long long t = bstrtoll(title, &rest, 10); + if (rest.len) { + MP_ERR(s, "number expected: '%.*s'\n", BSTR_P(rest)); + return STREAM_ERROR; + } else if (t < 0 || 99999 < t) { + MP_ERR(s, "invalid title: '%.*s', must be in the range 0-99999\n", + BSTR_P(title)); + return STREAM_ERROR; + } + b->cfg_title = t; } b->cfg_device = bstrto0(b, bdevice); -- cgit v1.2.3