[libdvdcss-devel] [PATCH] Win32: move to WideChars for cache folder

Ivan Kalvachev ikalvachev at gmail.com
Mon Mar 11 13:17:15 CET 2013 

On 3/11/13, Jean-Baptiste Kempf <jb at videolan.org> wrote:
> ---
>  src/libdvdcss.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/src/libdvdcss.c b/src/libdvdcss.c
> index a5014b4..9c9a1e1 100644
> --- a/src/libdvdcss.c
> +++ b/src/libdvdcss.c
> @@ -244,15 +244,21 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char
> *psz_target )
>      {
>  #if defined(_WIN32_IE) && _WIN32_IE >= 0x500
>          char psz_home[MAX_PATH];
> +        wchar_t wdir[MAX_PATH];
>
>          /* Cache our keys in
>           * C:\Documents and Settings\$USER\Application Data\dvdcss\ */
> -        if (SHGetFolderPathA (NULL, CSIDL_APPDATA | CSIDL_FLAG_CREATE,
> -                              NULL, SHGFP_TYPE_CURRENT, psz_home ) ==
> S_OK)
> +        if (SHGetFolderPathW (NULL, CSIDL_APPDATA | CSIDL_FLAG_CREATE,
> +                              NULL, SHGFP_TYPE_CURRENT, wdir ) == S_OK)
>          {
> -            snprintf( psz_buffer, PATH_MAX, "%s\\dvdcss", psz_home );
> -            psz_buffer[PATH_MAX-1] = '\0';
> -            psz_cache = psz_buffer;
> +            int size_needed = WideCharToMultiByte (CP_UTF8, 0, wdir, -1,
> NULL, 0, NULL, NULL);
> +            if (size_needed != 0)
> +            {
> +                WideCharToMultiByte( CP_UTF8, 0, wdir, -1, psz_home,
> size_needed, NULL, NULL);
> +                snprintf( psz_buffer, PATH_MAX, "%s\\dvdcss", psz_home );
> +                psz_buffer[PATH_MAX-1] = '\0';
> +                psz_cache = psz_buffer;
> +            }
>          }
>  #else
>          char *psz_home = NULL;

When you convert 2 byte unicode to utf8, the UTF-8 may be 1, 2 or 3
bytes per character. (Anything above U+0x800 will be 3 bytes).
In short, this opens the possibility for buffer overflow.
(Not likely to be exploitable, it would likely overflow into the other array).

Possible solutions:
- make psz_home bigger (2*MAX_PATH),

- malloc psz_home, we have the size_needed. Bonus, psz_home
definition could be shared with the unix codepath.

- clip size_needed (it will be clipped in snprintf anyway).


BTW, are mingw libc functions expecting utf8 encoding?
Aka, would open() convert filename from utf8 to wchar and use *W
windows functions or would they use *A functions directly?

More information about the libdvdcss-devel mailing list