[vlc-commits] bluray: Fix potential buffer overflow when reading mount points

David Fuhrmann git at videolan.org
Thu May 7 18:38:30 CEST 2020


vlc | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Wed May  6 20:35:22 2020 +0200| [2b697ae12898316af895a0a1e2285a70a49ea085] | committer: David Fuhrmann

bluray: Fix potential buffer overflow when reading mount points

Avoid overflow when more than 128 mount points exist on the system.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=2b697ae12898316af895a0a1e2285a70a49ea085
---

 modules/access/bluray.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/access/bluray.c b/modules/access/bluray.c
index d902fc5285..dfd471a02a 100644
--- a/modules/access/bluray.c
+++ b/modules/access/bluray.c
@@ -577,14 +577,18 @@ static void FindMountPoint(char **file)
     if (!stat (device, &st) && S_ISBLK (st.st_mode)) {
         int fs_count = getfsstat (NULL, 0, MNT_NOWAIT);
         if (fs_count > 0) {
-            struct statfs mbuf[128];
-            getfsstat (mbuf, fs_count * sizeof(mbuf[0]), MNT_NOWAIT);
+            int bufSize = fs_count * sizeof (struct statfs);
+            struct statfs* mbuf = malloc(bufSize);
+            getfsstat (mbuf, bufSize, MNT_NOWAIT);
             for (int i = 0; i < fs_count; ++i)
                 if (!strcmp (mbuf[i].f_mntfromname, device)) {
                     free(device);
                     *file = strdup(mbuf[i].f_mntonname);
+                    free(mbuf);
                     return;
                 }
+
+            free(mbuf);
         }
     }
 #else



More information about the vlc-commits mailing list