[vlc-devel] [PATCH] hds: fix memory leak and buffer probing

Rémi Denis-Courmont remi at remlab.net
Thu Jul 17 19:42:20 CEST 2014


On Thursday 17 July 2014, 13:22:35 Tristan Matthews wrote:
> The char * returned by FromCharset was not being freed, and
> strstr was being called on a buffer that was not NULL terminated.
> ---
>  modules/stream_filter/hds/hds.c | 22 ++++++++++++++++------
>  1 file changed, 16 insertions(+), 6 deletions(-)
> 
> diff --git a/modules/stream_filter/hds/hds.c
> b/modules/stream_filter/hds/hds.c index 5119ba2..6104f7d 100644
> --- a/modules/stream_filter/hds/hds.c
> +++ b/modules/stream_filter/hds/hds.c
> @@ -184,23 +184,33 @@ static bool isHDS( stream_t *s )
>      if( i_size < 200 )
>          return false;
> 
> -    const char *str;
> +    char *peeked = malloc( 512 );
> +    if( unlikely( peeked == NULL ) )
> +        return false;
> +
> +    memcpy( peeked, peek, i_size );
> +    peeked[i_size - 1] = '\0';
> +
> +    char *str;
> 
> -    if( !memcmp( peek, "\xFF\xFE", 2 ) )
> +    if( !memcmp( peeked, "\xFF\xFE", 2 ) )
>      {
> -        str = FromCharset( "UTF-16LE", peek, 512 );
> +        str = FromCharset( "UTF-16LE", peeked, 512 );
> +        free( peeked );
>      }
> -    else if( !memcmp( peek, "\xFE\xFF", 2 ) )
> +    else if( !memcmp( peeked, "\xFE\xFF", 2 ) )
>      {
> -        str = FromCharset( "UTF-16BE", peek, 512 );
> +        str = FromCharset( "UTF-16BE", peeked, 512 );
> +        free( peeked );
>      }
>      else
> -        str = peek;
> +        str = peeked;

strndup() here would be simpler, minding that FromCharset() always inserts a
nul terminator.

> 
>      if( str == NULL )
>          return false;
> 
>      bool ret = strstr( str, "<manifest" ) != NULL;
> +    free( str );
>      return ret;
>  }
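
Review bot: both UTF-16 branches still pass a length of 512 to FromCharset(), but only i_size bytes were copied into the uninitialised malloc( 512 ) buffer and the visible check only guarantees i_size >= 200, so a short peek makes the conversion read uninitialised heap bytes; passing i_size as the length would avoid that. In the other direction, memcpy( peeked, peek, i_size ) depends on i_size never exceeding 512, which nothing in these lines enforces, so sizing the allocation from i_size (i_size + 1) would be safer than the fixed 512. Finally, peeked[i_size - 1] = '\0' overwrites the last peeked byte instead of terminating after it; with an i_size + 1 allocation the terminator can go at peeked[i_size].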

-- 
Rémi Denis-Courmont
http://www.remlab.net/



