[vlc-commits] bluray: Fix potential buffer overflow when reading mount points
David Fuhrmann
git at videolan.org
Thu May 7 18:38:30 CEST 2020
vlc | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Wed May 6 20:35:22 2020 +0200| [2b697ae12898316af895a0a1e2285a70a49ea085] | committer: David Fuhrmann
bluray: Fix potential buffer overflow when reading mount points
Avoid overflow when more than 128 mount points exist on the system.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=2b697ae12898316af895a0a1e2285a70a49ea085
---
modules/access/bluray.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/modules/access/bluray.c b/modules/access/bluray.c
index d902fc5285..dfd471a02a 100644
--- a/modules/access/bluray.c
+++ b/modules/access/bluray.c
@@ -577,14 +577,18 @@ static void FindMountPoint(char **file)
if (!stat (device, &st) && S_ISBLK (st.st_mode)) {
int fs_count = getfsstat (NULL, 0, MNT_NOWAIT);
if (fs_count > 0) {
- struct statfs mbuf[128];
- getfsstat (mbuf, fs_count * sizeof(mbuf[0]), MNT_NOWAIT);
+ int bufSize = fs_count * sizeof (struct statfs);
+ struct statfs* mbuf = malloc(bufSize);
+ getfsstat (mbuf, bufSize, MNT_NOWAIT);
for (int i = 0; i < fs_count; ++i)
if (!strcmp (mbuf[i].f_mntfromname, device)) {
free(device);
*file = strdup(mbuf[i].f_mntonname);
+ free(mbuf);
return;
}
+
+ free(mbuf);
}
}
#else
More information about the vlc-commits
mailing list