[vlc-devel] [PATCH] hds: fix memory leak and buffer probing
Tristan Matthews
le.businessman at gmail.com
Fri Aug 1 14:31:03 CEST 2014
On Fri, Aug 1, 2014 at 6:03 AM, Rémi Denis-Courmont <remi at remlab.net> wrote:
> Le 2014-08-01 08:32, Tristan Matthews a écrit :
>
>> Only 200 bytes are peeked but FromCharset was being called with 512.
>> The char * returned by FromCharset was not being freed, and
>> strstr was being called on a buffer that was not NULL terminated.
>
>
> I don't think that's true. FromCharset() should always nul-terminate the
> string.an
FromCharset does, but in the else case (str = peek) where FromCharset
was not being used, str was not NULL terminated. You can see this
behaviour with valgrind.
Best,
Tristan
>
>> ---
>> modules/stream_filter/hds/hds.c | 9 +++++----
>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/modules/stream_filter/hds/hds.c
>> b/modules/stream_filter/hds/hds.c
>> index edf6159..af3181d 100644
>> --- a/modules/stream_filter/hds/hds.c
>> +++ b/modules/stream_filter/hds/hds.c
>> @@ -186,23 +186,24 @@ static bool isHDS( stream_t *s )
>> if( i_size < 200 )
>> return false;
>>
>> - const char *str;
>> + char *str;
>>
>> if( !memcmp( peek, "\xFF\xFE", 2 ) )
>> {
>> - str = FromCharset( "UTF-16LE", peek, 512 );
>> + str = FromCharset( "UTF-16LE", peek, i_size );
>> }
>> else if( !memcmp( peek, "\xFE\xFF", 2 ) )
>> {
>> - str = FromCharset( "UTF-16BE", peek, 512 );
>> + str = FromCharset( "UTF-16BE", peek, i_size );
>> }
>> else
>> - str = peek;
>> + str = strndup( peek, i_size );
>>
>> if( str == NULL )
>> return false;
>>
>> bool ret = strstr( str, "<manifest" ) != NULL;
>> + free( str );
>> return ret;
>> }
>
>
> --
> Rémi Denis-Courmont
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list