[vlc-devel] commit: input: fix stack overflow if user feeds an overly large MRL ( Rémi Denis-Courmont )

[git version control]

vlc | branch: 0.9-bugfix | Rémi Denis-Courmont <remi at remlab.net> | Tue Mar 17 20:02:43 2009 +0200| [abc867adb981772703c5d33711736f531a4551b4] | committer: Rémi Denis-Courmont 

input: fix stack overflow if user feeds an overly large MRL

(cherry picked from commit a276d9aa737e353a7c2bf5e19b36216a8c47528b)

Conflicts:

	src/input/input.c

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=abc867adb981772703c5d33711736f531a4551b4
---

 src/input/input.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/input/input.c b/src/input/input.c
index 6840657..9fc59c7 100644
--- a/src/input/input.c
+++ b/src/input/input.c
@@ -2063,8 +2063,6 @@ static int InputSourceInit( input_thread_t *p_input,
                             const char *psz_forced_demux )
 {
     const bool b_master = in == &p_input->p->input;
-
-    char psz_dup[strlen (psz_mrl) + 1];
     const char *psz_access;
     const char *psz_demux;
     char *psz_path;
@@ -2073,11 +2071,14 @@ static int InputSourceInit( input_thread_t *p_input,
     vlc_value_t val;
     double f_fps;
 
-    strcpy( psz_dup, psz_mrl );
-
     if( !in ) return VLC_EGENERIC;
     if( !p_input ) return VLC_EGENERIC;
 
+    char *psz_dup = strdup( psz_mrl );
+
+    if( psz_dup == NULL )
+        goto error;
+
     /* Split uri */
     input_SplitMRL( &psz_access, &psz_demux, &psz_path, psz_dup );
 
@@ -2328,6 +2329,8 @@ static int InputSourceInit( input_thread_t *p_input,
         }
     }
 
+    free( psz_dup );
+
     /* get attachment
      * FIXME improve for b_preparsing: move it after GET_META and check psz_arturl */
     if( 1 || !p_input->b_preparsing )
@@ -2367,6 +2370,7 @@ error:
 
     if( in->p_access )
         access_Delete( in->p_access );
+    free( psz_dup );
 
     return VLC_EGENERIC;
 }