[vlc-commits] hds: fix memory leak and buffer probing

[Tristan Matthews]

vlc | branch: master | Tristan Matthews <le.businessman at gmail.com> | Fri Aug  1 01:24:19 2014 -0400| [cc64d3fc9295a14d791250c54a6be8ad3847cfbd] | committer: Tristan Matthews

hds: fix memory leak and buffer probing

Only 200 bytes are peeked but FromCharset was being called with 512.
The char * returned by FromCharset was not being freed, and
strstr was being called on a buffer that was not NULL terminated
(in the non utf-8 case).

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cc64d3fc9295a14d791250c54a6be8ad3847cfbd
---

 modules/stream_filter/hds/hds.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/modules/stream_filter/hds/hds.c b/modules/stream_filter/hds/hds.c
index edf6159..af3181d 100644
--- a/modules/stream_filter/hds/hds.c
+++ b/modules/stream_filter/hds/hds.c
@@ -186,23 +186,24 @@ static bool isHDS( stream_t *s )
     if( i_size < 200 )
         return false;
 
-    const char *str;
+    char *str;
 
     if( !memcmp( peek, "\xFF\xFE", 2 ) )
     {
-        str = FromCharset( "UTF-16LE", peek, 512 );
+        str = FromCharset( "UTF-16LE", peek, i_size );
     }
     else if( !memcmp( peek, "\xFE\xFF", 2 ) )
     {
-        str = FromCharset( "UTF-16BE", peek, 512 );
+        str = FromCharset( "UTF-16BE", peek, i_size );
     }
     else
-        str = peek;
+        str = strndup( peek, i_size );
 
     if( str == NULL )
         return false;
 
     bool ret = strstr( str, "<manifest" ) != NULL;
+    free( str );
     return ret;
 }