[vlc-commits] vcd: fix NULL dereference on error

Rémi Denis-Courmont git at videolan.org
Mon Aug 25 20:27:04 CEST 2014 

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Mon Aug 25 21:26:52 2014 +0300| [a1c81a10276b3839c9832d274ae5def3c53ee203] | committer: Rémi Denis-Courmont

vcd: fix NULL dereference on error

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a1c81a10276b3839c9832d274ae5def3c53ee203
---

 modules/access/vcd/cdrom.c |   33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/modules/access/vcd/cdrom.c b/modules/access/vcd/cdrom.c
index d55bef4..efa3cd2 100644
--- a/modules/access/vcd/cdrom.c
+++ b/modules/access/vcd/cdrom.c
@@ -782,29 +782,32 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
     {
         /* psz_dev must be the cue file. Let's assume there's a .bin
          * file with the same filename */
-        psz_vcdfile = malloc( p_pos - psz_dev + 5 /* ".bin" */ );
-        strncpy( psz_vcdfile, psz_dev, p_pos - psz_dev );
-        strcpy( psz_vcdfile + (p_pos - psz_dev), ".bin");
+        if( asprintf( &psz_vcdfile, "%.*s.bin", (int)(p_pos - psz_dev),
+                      psz_dev ) < 0 )
+            psz_vcdfile = NULL;
         psz_cuefile = strdup( psz_dev );
     }
     else
+    if( p_pos )
     {
         /* psz_dev must be the actual vcd file. Let's assume there's a .cue
          * file with the same filename */
-        if( p_pos )
-        {
-            psz_cuefile = malloc( p_pos - psz_dev + 5 /* ".cue" */ );
-            strncpy( psz_cuefile, psz_dev, p_pos - psz_dev );
-            strcpy( psz_cuefile + (p_pos - psz_dev), ".cue");
-        }
-        else
-        {
-            if( asprintf( &psz_cuefile, "%s.cue", psz_dev ) == -1 )
-                psz_cuefile = NULL;
-        }
-        /* If we need to look up the .cue file, then we don't have to look for the vcd */
+        if( asprintf( &psz_cuefile, "%.*s.cue", (int)(p_pos - psz_dev),
+                      psz_dev ) < 0 )
+            psz_cuefile = NULL;
         psz_vcdfile = strdup( psz_dev );
     }
+    else
+    {
+        if( asprintf( &psz_cuefile, "%s.cue", psz_dev ) == -1 )
+            psz_cuefile = NULL;
+         /* If we need to look up the .cue file, then we don't have to look
+          * for the vcd */
+        psz_vcdfile = strdup( psz_dev );
+    }
+
+    if( psz_cuefile == NULL || psz_vcdfile == NULL )
+        goto error;
 
     /* Open the cue file and try to parse it */
     msg_Dbg( p_this,"trying .cue file: %s", psz_cuefile );

More information about the vlc-commits mailing list