[vlc-commits] commit: Growl: fix a second buffer overflow. ( Rémi Duraffort )

git at videolan.org git at videolan.org
Sat Apr 17 11:58:52 CEST 2010 

vlc/vlc-1.0 | branch: master | Rémi Duraffort <ivoire at videolan.org> | Sun Mar 28 19:00:44 2010 +0200| [0f41d8c04ebc5deea531a9a1c8dd05adb1e178e3] | committer: Rémi Duraffort 

Growl: fix a second buffer overflow.
(cherry picked from commit 49f13e0e08beffc1d44ceb356d6e8c027119f41e)

Signed-off-by: Rémi Duraffort <ivoire at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.0.git/?a=commit;h=0f41d8c04ebc5deea531a9a1c8dd05adb1e178e3
---

 modules/misc/notify/growl_udp.c |   20 ++++++++++++++++----
 1 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/modules/misc/notify/growl_udp.c b/modules/misc/notify/growl_udp.c
index 2913d1a..c194b20 100644
--- a/modules/misc/notify/growl_udp.c
+++ b/modules/misc/notify/growl_udp.c
@@ -231,6 +231,17 @@ static int NotifyToGrowl( vlc_object_t *p_this, const char *psz_desc )
     if( psz_encoded == NULL )
         return false;
 
+    // Check the size of the data
+    size_t i_type = strlen( psz_type );
+    size_t i_title = strlen( psz_title );
+    size_t i_app = strlen( APPLICATION_NAME );
+    size_t i_desc = strlen( psz_desc );
+    if( 12 + i_type + i_title + i_desc + i_app >= GROWL_MAX_LENGTH + 42 )
+    {
+        free( psz_encoded );
+        return false;
+    }
+
     psz_encoded[i++] = GROWL_PROTOCOL_VERSION;
     psz_encoded[i++] = GROWL_TYPE_NOTIFICATION;
     flags = 0;
@@ -240,14 +251,15 @@ static int NotifyToGrowl( vlc_object_t *p_this, const char *psz_desc )
     insertstrlen(psz_title);
     insertstrlen(psz_desc);
     insertstrlen(APPLICATION_NAME);
+
     strcpy( (char*)(psz_encoded+i), psz_type );
-    i += strlen(psz_type);
+    i += i_type;
     strcpy( (char*)(psz_encoded+i), psz_title );
-    i += strlen(psz_title);
+    i += i_title;
     strcpy( (char*)(psz_encoded+i), psz_desc );
-    i += strlen(psz_desc);
+    i += i_desc;
     strcpy( (char*)(psz_encoded+i), APPLICATION_NAME );
-    i += strlen(APPLICATION_NAME);
+    i += i_app;
 
     CheckAndSend(p_this, psz_encoded, i, GROWL_MAX_LENGTH + 42);
     free( psz_encoded );

More information about the vlc-commits mailing list