[vlc-devel] commit: Dynamically allocate the dir list to prevent potential array overflows ( I believe that we were writing to the 5th element of a 4 element array since the luac commits ). (Antoine Cellerier )

git version control git at videolan.org
Sat Feb 20 17:46:50 CET 2010 

vlc | branch: master | Antoine Cellerier <dionoea at videolan.org> | Sat Feb 20 17:48:05 2010 +0100| [c58a5af7401735b50fa058fe5ab83d8ae911de4c] | committer: Antoine Cellerier 

Dynamically allocate the dir list to prevent potential array overflows (I believe that we were writing to the 5th element of a 4 element array since the luac commits).

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c58a5af7401735b50fa058fe5ab83d8ae911de4c
---

 modules/misc/lua/libs/misc.c |    4 ++--
 modules/misc/lua/vlc.c       |   28 +++++++++++++++++++---------
 modules/misc/lua/vlc.h       |    2 +-
 3 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/modules/misc/lua/libs/misc.c b/modules/misc/lua/libs/misc.c
index 2ddd4a3..5e5e806 100644
--- a/modules/misc/lua/libs/misc.c
+++ b/modules/misc/lua/libs/misc.c
@@ -155,11 +155,11 @@ static int vlclua_cachedir( lua_State *L )
 static int vlclua_datadir_list( lua_State *L )
 {
     const char *psz_dirname = luaL_checkstring( L, 1 );
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;
     char **ppsz_dir = ppsz_dir_list;
     int i = 1;
 
-    if( vlclua_dir_list( vlclua_get_this( L ), psz_dirname, ppsz_dir_list )
+    if( vlclua_dir_list( vlclua_get_this( L ), psz_dirname, &ppsz_dir_list )
         != VLC_SUCCESS )
         return 0;
     lua_newtable( L );
diff --git a/modules/misc/lua/vlc.c b/modules/misc/lua/vlc.c
index e45c350..6c32015 100644
--- a/modules/misc/lua/vlc.c
+++ b/modules/misc/lua/vlc.c
@@ -163,8 +163,14 @@ static int file_compare( const char **a, const char **b )
 }
 
 int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname,
-                     char **ppsz_dir_list )
+                     char ***pppsz_dir_list )
 {
+#define MAX_DIR_LIST_SIZE 5
+    *pppsz_dir_list = malloc(MAX_DIR_LIST_SIZE*sizeof(char *));
+    if (!*pppsz_dir_list)
+        return VLC_EGENERIC;
+    char **ppsz_dir_list = *pppsz_dir_list;
+
     int i = 0;
     char *datadir = config_GetUserDir( VLC_DATA_DIR );
 
@@ -197,6 +203,9 @@ int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname,
     }
 
     ppsz_dir_list[i] = NULL;
+
+    assert( i < MAX_DIR_LIST_SIZE);
+
     return VLC_SUCCESS;
 }
 
@@ -205,6 +214,7 @@ void vlclua_dir_list_free( char **ppsz_dir_list )
     char **ppsz_dir;
     for( ppsz_dir = ppsz_dir_list; *ppsz_dir; ppsz_dir++ )
         free( *ppsz_dir );
+    free( ppsz_dir_list );
 }
 
 /*****************************************************************************
@@ -216,9 +226,9 @@ int vlclua_scripts_batch_execute( vlc_object_t *p_this,
                                   int (*func)(vlc_object_t *, const char *, void *),
                                   void * user_data)
 {
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;
 
-    int i_ret = vlclua_dir_list( p_this, luadirname, ppsz_dir_list );
+    int i_ret = vlclua_dir_list( p_this, luadirname, &ppsz_dir_list );
     if( i_ret != VLC_SUCCESS )
         return i_ret;
     i_ret = VLC_EGENERIC;
@@ -270,9 +280,9 @@ int vlclua_scripts_batch_execute( vlc_object_t *p_this,
 
 char *vlclua_find_file( vlc_object_t *p_this, const char *psz_luadirname, const char *psz_name )
 {
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;
     char **ppsz_dir;
-    vlclua_dir_list( p_this, psz_luadirname, ppsz_dir_list );
+    vlclua_dir_list( p_this, psz_luadirname, &ppsz_dir_list );
     for( ppsz_dir = ppsz_dir_list; *ppsz_dir; ppsz_dir++ )
     {
         for( const char **ppsz_ext = ppsz_lua_exts; *ppsz_ext; ppsz_ext++ )
@@ -577,10 +587,10 @@ static int vlc_sd_probe_Open( vlc_object_t *obj )
     char **ppsz_fileend  = NULL;
     char **ppsz_file;
     char *psz_name;
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;
     char **ppsz_dir;
     lua_State *L = NULL;
-    vlclua_dir_list( obj, "sd", ppsz_dir_list );
+    vlclua_dir_list( obj, "sd", &ppsz_dir_list );
     for( ppsz_dir = ppsz_dir_list; *ppsz_dir; ppsz_dir++ )
     {
         int i_files;
@@ -751,8 +761,8 @@ int __vlclua_add_modules_path( vlc_object_t *obj, lua_State *L, const char *psz_
         return 1;
     }
 
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
-    vlclua_dir_list( obj, psz_char+1/* gruik? */, ppsz_dir_list );
+    char **ppsz_dir_list = NULL;
+    vlclua_dir_list( obj, psz_char+1/* gruik? */, &ppsz_dir_list );
     char **ppsz_dir = ppsz_dir_list;
 
     for( ; *ppsz_dir && strcmp( *ppsz_dir, psz_path ); ppsz_dir++ );
diff --git a/modules/misc/lua/vlc.h b/modules/misc/lua/vlc.h
index 7bca326..e6e13d2 100644
--- a/modules/misc/lua/vlc.h
+++ b/modules/misc/lua/vlc.h
@@ -106,7 +106,7 @@ int vlclua_push_ret( lua_State *, int i_error );
 int vlclua_scripts_batch_execute( vlc_object_t *p_this, const char * luadirname,
         int (*func)(vlc_object_t *, const char *, void *),
         void * user_data );
-int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname, char **ppsz_dir_list );
+int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname, char ***pppsz_dir_list );
 void vlclua_dir_list_free( char **ppsz_dir_list );
 char *vlclua_find_file( vlc_object_t *p_this, const char *psz_luadirname, const char *psz_name );

More information about the vlc-devel mailing list