[vlc-devel] commit: Fixed potential stack overflow in avi demuxer. (Laurent Aimar )
git version control
git at videolan.org
Tue Sep 15 21:20:54 CEST 2009
vlc | branch: master | Laurent Aimar <fenrir at videolan.org> | Tue Sep 15 21:02:40 2009 +0200| [861e374d03e6c60c7d3c98428c632fe3b9e371b2] | committer: Laurent Aimar
Fixed potential stack overflow in avi demuxer.
Reported by Sebastian Apelt, Siberas.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2
---
modules/demux/avi/libavi.c | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/modules/demux/avi/libavi.c b/modules/demux/avi/libavi.c
index ad65ecb..ffbb3f9 100644
--- a/modules/demux/avi/libavi.c
+++ b/modules/demux/avi/libavi.c
@@ -795,12 +795,15 @@ void _AVI_ChunkFree( stream_t *s,
}
static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
- avi_chunk_t *p_chk, int i_level )
+ avi_chunk_t *p_chk, unsigned i_level )
{
- char str[1024];
- int i;
+ unsigned i;
avi_chunk_t *p_child;
+ char str[512];
+ if( i_level * 5 + 1 >= sizeof(str) )
+ return;
+
memset( str, ' ', sizeof( str ) );
for( i = 1; i < i_level; i++ )
{
@@ -810,7 +813,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
p_chk->common.i_chunk_fourcc == AVIFOURCC_ON2 ||
p_chk->common.i_chunk_fourcc == AVIFOURCC_LIST )
{
- sprintf( str + i_level * 5,
+ snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
"%c %4.4s-%4.4s size:%"PRIu64" pos:%"PRIu64,
i_level ? '+' : '*',
(char*)&p_chk->common.i_chunk_fourcc,
@@ -820,7 +823,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
}
else
{
- sprintf( str + i_level * 5,
+ snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
"+ %4.4s size:%"PRIu64" pos:%"PRIu64,
(char*)&p_chk->common.i_chunk_fourcc,
p_chk->common.i_chunk_size,
More information about the vlc-devel
mailing list