[vlc-devel] commit: Fixed potential stack overflow in mp4 demuxer. (Laurent Aimar )
git version control
git at videolan.org
Tue Sep 15 23:15:46 CEST 2009
vlc | branch: 1.0-bugfix | Laurent Aimar <fenrir at videolan.org> | Tue Sep 15 21:03:42 2009 +0200| [373cca961416795d92a12a9db010c9e11d2afa29] | committer: Laurent Aimar
Fixed potential stack overflow in mp4 demuxer.
Reported by Sebastian Apelt, Siberas.
(cherry picked from commit c5b02d011b8c634d041167f4d2936b55eca4d18d)
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=373cca961416795d92a12a9db010c9e11d2afa29
---
modules/demux/mp4/libmp4.c | 16 +++++++++++-----
1 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index c4e9db1..9bf1a9d 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -2876,18 +2876,24 @@ static void __MP4_BoxDumpStructure( stream_t *s,
}
else
{
- char str[512];
unsigned int i;
- memset( str, (uint8_t)' ', 512 );
+
+ char str[512];
+ if( i_level * 5 + 1 >= sizeof(str) )
+ return;
+
+ memset( str, ' ', sizeof(str) );
for( i = 0; i < i_level; i++ )
{
str[i*5] = '|';
}
- if MP4_BOX_TYPE_ASCII()
- sprintf( str + i_level * 5, "+ %4.4s size %d",
+ if( MP4_BOX_TYPE_ASCII() )
+ snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
+ "+ %4.4s size %d",
(char*)&p_box->i_type, (uint32_t)p_box->i_size );
else
- sprintf( str + i_level * 5, "+ c%3.3s size %d",
+ snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
+ "+ c%3.3s size %d",
(char*)&p_box->i_type+1, (uint32_t)p_box->i_size );
msg_Dbg( s, "%s", str );
}
More information about the vlc-devel
mailing list