[vlc-commits] bluray: Fix potential buffer overflow when reading mount points

David Fuhrmann git at videolan.org
Wed May 13 19:30:34 CEST 2020


vlc/vlc-3.0 | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Wed May  6 20:35:22 2020 +0200| [a9a75ea81d70d977dfc5e1ea68bf1efa56ca78ab] | committer: David Fuhrmann

bluray: Fix potential buffer overflow when reading mount points

Avoid overflow when more than 128 mount points exist on the system.

(cherry picked from commit 2b697ae12898316af895a0a1e2285a70a49ea085)
Signed-off-by: David Fuhrmann <dfuhrmann at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=a9a75ea81d70d977dfc5e1ea68bf1efa56ca78ab
---

 modules/access/bluray.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/access/bluray.c b/modules/access/bluray.c
index dff49e4a38..10be6cbf27 100644
--- a/modules/access/bluray.c
+++ b/modules/access/bluray.c
@@ -435,14 +435,18 @@ static void FindMountPoint(char **file)
     if (!stat (device, &st) && S_ISBLK (st.st_mode)) {
         int fs_count = getfsstat (NULL, 0, MNT_NOWAIT);
         if (fs_count > 0) {
-            struct statfs mbuf[128];
-            getfsstat (mbuf, fs_count * sizeof(mbuf[0]), MNT_NOWAIT);
+            int bufSize = fs_count * sizeof (struct statfs);
+            struct statfs* mbuf = malloc(bufSize);
+            getfsstat (mbuf, bufSize, MNT_NOWAIT);
             for (int i = 0; i < fs_count; ++i)
                 if (!strcmp (mbuf[i].f_mntfromname, device)) {
                     free(device);
                     *file = strdup(mbuf[i].f_mntonname);
+                    free(mbuf);
                     return;
                 }
+
+            free(mbuf);
         }
     }
 #else



More information about the vlc-commits mailing list