[vlc-devel] commit: Fixed potential stack overflow in asf demuxer. (Laurent Aimar )

git version control git at videolan.org
Tue Sep 15 21:20:53 CEST 2009


vlc | branch: master | Laurent Aimar <fenrir at videolan.org> | Tue Sep 15 21:00:14 2009 +0200| [dfe7084e8cc64e9b7a87cd37065b59cba2064823] | committer: Laurent Aimar 

Fixed potential stack overflow in asf demuxer.

Reported by Sebastian Apelt, Siberas.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=dfe7084e8cc64e9b7a87cd37065b59cba2064823
---

 modules/demux/asf/libasf.c |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c
index 6b5e07b..4b49222 100644
--- a/modules/demux/asf/libasf.c
+++ b/modules/demux/asf/libasf.c
@@ -1471,10 +1471,9 @@ static const struct
 
 
 static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
-                                 asf_object_common_t *p_node, int i_level )
+                                 asf_object_common_t *p_node, unsigned i_level )
 {
-    char str[1024];
-    int i;
+    unsigned i;
     union asf_object_u *p_child;
     const char *psz_name;
 
@@ -1487,12 +1486,16 @@ static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
     }
     psz_name = ASF_ObjectDumpDebugInfo[i].psz_name;
 
+    char str[512];
+    if( i_level * 5 + 1 >= sizeof(str) )
+        return;
+
     memset( str, ' ', sizeof( str ) );
     for( i = 1; i < i_level; i++ )
     {
         str[i * 5] = '|';
     }
-    snprintf( str + 5*i_level, 1024,
+    snprintf( &str[5*i_level], sizeof(str) - 5*i_level,
              "+ '%s' GUID "GUID_FMT" size:%"PRIu64"pos:%"PRIu64,
              psz_name,
              GUID_PRINT( p_node->i_object_id ),




More information about the vlc-devel mailing list