[vlc-commits] vcd: fix NULL dereference on error

Tue Aug 26 00:24:43 CEST 2014

vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Mon Aug 25 21:26:52 2014 +0300| [e9dc4f795242ab447145dca7dbfc0b72d5f6904d] | committer: Jean-Baptiste Kempf

vcd: fix NULL dereference on error

(cherry picked from commit a1c81a10276b3839c9832d274ae5def3c53ee203)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=e9dc4f795242ab447145dca7dbfc0b72d5f6904d
---

 modules/access/vcd/cdrom.c |   33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/modules/access/vcd/cdrom.c b/modules/access/vcd/cdrom.c
index d55bef4..efa3cd2 100644
--- a/modules/access/vcd/cdrom.c
+++ b/modules/access/vcd/cdrom.c
@@ -782,29 +782,32 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
     {
         /* psz_dev must be the cue file. Let's assume there's a .bin
          * file with the same filename */
-        psz_vcdfile = malloc( p_pos - psz_dev + 5 /* ".bin" */ );
-        strncpy( psz_vcdfile, psz_dev, p_pos - psz_dev );
-        strcpy( psz_vcdfile + (p_pos - psz_dev), ".bin");
+        if( asprintf( &psz_vcdfile, "%.*s.bin", (int)(p_pos - psz_dev),
+                      psz_dev ) < 0 )
+            psz_vcdfile = NULL;
         psz_cuefile = strdup( psz_dev );
     }
     else
+    if( p_pos )
     {
         /* psz_dev must be the actual vcd file. Let's assume there's a .cue
          * file with the same filename */
-        if( p_pos )
-        {
-            psz_cuefile = malloc( p_pos - psz_dev + 5 /* ".cue" */ );
-            strncpy( psz_cuefile, psz_dev, p_pos - psz_dev );
-            strcpy( psz_cuefile + (p_pos - psz_dev), ".cue");
-        }
-        else
-        {
-            if( asprintf( &psz_cuefile, "%s.cue", psz_dev ) == -1 )
-                psz_cuefile = NULL;
-        }
-        /* If we need to look up the .cue file, then we don't have to look for the vcd */
+        if( asprintf( &psz_cuefile, "%.*s.cue", (int)(p_pos - psz_dev),
+                      psz_dev ) < 0 )
+            psz_cuefile = NULL;
         psz_vcdfile = strdup( psz_dev );
     }
+    else
+    {
+        if( asprintf( &psz_cuefile, "%s.cue", psz_dev ) == -1 )
+            psz_cuefile = NULL;
+         /* If we need to look up the .cue file, then we don't have to look
+          * for the vcd */
+        psz_vcdfile = strdup( psz_dev );
+    }
+
+    if( psz_cuefile == NULL || psz_vcdfile == NULL )
+        goto error;
 
     /* Open the cue file and try to parse it */
     msg_Dbg( p_this,"trying .cue file: %s", psz_cuefile );

