[vlc-devel] [PATCH] src: input: fix read overflow in timeshift
Romain Vimont
rom1v at videolabs.io
Fri Nov 6 16:52:12 CET 2020
OK for the quick fix, but IMO the behavior is still very surprising.
For example, in Add(), the cast to an union pointer is quite ugly:
ts_cmd_add_t cmd;
TsPushCmd(..., (ts_cmd_t *) &cmd);
Regards
On Fri, Nov 06, 2020 at 02:00:54PM +0100, Francois Cartegnie wrote:
> ---
> src/input/es_out_timeshift.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/input/es_out_timeshift.c b/src/input/es_out_timeshift.c
> index 8ffa1ea400..3239e8e9c2 100644
> --- a/src/input/es_out_timeshift.c
> +++ b/src/input/es_out_timeshift.c
> @@ -1328,7 +1328,8 @@ static bool TsStorageIsEmpty( ts_storage_t *p_storage )
> static void TsStoragePushCmd( ts_storage_t *p_storage, const ts_cmd_t *p_cmd, bool b_flush )
> {
> assert( !TsStorageIsFull( p_storage, p_cmd ) );
> - ts_cmd_t cmd = *p_cmd;
> + ts_cmd_t cmd;
> + memcpy(&cmd, p_cmd, TsStorageSizeofCommand[p_cmd->header.i_type]);
>
> if( cmd.header.i_type == C_SEND )
> {
> --
> 2.26.2
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list