diff options
| author | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2007-02-08 02:40:22 +0000 |
|---|---|---|
| committer | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2007-02-08 02:40:22 +0000 |
| commit | e418c1e04f612664164841c297ddb97a0f3135bf (patch) | |
| tree | 8fc36e7a16fd0e482083e45d1ba6d1f3ef1a5742 | |
| parent | 2e01aa74ccd6a4d559f9b0cea2db95d6ccf7d696 (diff) | |
| download | xine-lib-e418c1e04f612664164841c297ddb97a0f3135bf.tar.gz xine-lib-e418c1e04f612664164841c297ddb97a0f3135bf.tar.bz2 | |
Remove any possibility of strcpy/sprintf overflows wrt front ends requesting
language & subtitle strings (given a buffer of >= XINE_LANG_MAX bytes).
Also fixes an off-by-one buffer termination in the TS code.
(Note: compile-tested only.)
CVS patchset: 8592
CVS date: 2007/02/08 02:40:22
| -rw-r--r-- | src/demuxers/demux_ogg.c | 6 | ||||
| -rw-r--r-- | src/demuxers/demux_ts.c | 11 | ||||
| -rw-r--r-- | src/input/input_dvd.c | 8 | ||||
| -rw-r--r-- | src/input/vcd/xineplug_inp_vcd.c | 8 |
4 files changed, 16 insertions, 17 deletions
diff --git a/src/demuxers/demux_ogg.c b/src/demuxers/demux_ogg.c index 218728e1b..59ede919b 100644 --- a/src/demuxers/demux_ogg.c +++ b/src/demuxers/demux_ogg.c @@ -19,7 +19,7 @@ */ /* - * $Id: demux_ogg.c,v 1.174 2007/01/23 23:20:23 hadess Exp $ + * $Id: demux_ogg.c,v 1.175 2007/02/08 02:40:22 dsalt Exp $ * * demultiplexer for ogg streams * @@ -1865,9 +1865,7 @@ static int format_lang_string (demux_ogg_t * this, uint32_t buf_mask, uint32_t b for (stream_num=0; stream_num<this->num_streams; stream_num++) { if ((this->si[stream_num]->buf_types & buf_mask) == buf_type) { if (this->si[stream_num]->language) { - strncpy (str, this->si[stream_num]->language, XINE_LANG_MAX); - str[XINE_LANG_MAX - 1] = '\0'; - if (strlen(this->si[stream_num]->language) >= XINE_LANG_MAX) + if (snprintf (str, XINE_LANG_MAX, "%s", this->si[stream_num]->language) >= XINE_LANG_MAX) /* the string got truncated */ str[XINE_LANG_MAX - 2] = str[XINE_LANG_MAX - 3] = str[XINE_LANG_MAX - 4] = '.'; /* TODO: provide long version in XINE_META_INFO_FULL_LANG */ diff --git a/src/demuxers/demux_ts.c b/src/demuxers/demux_ts.c index 99bc486a0..da2c37625 100644 --- a/src/demuxers/demux_ts.c +++ b/src/demuxers/demux_ts.c @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: demux_ts.c,v 1.124 2007/01/19 00:26:40 dgp85 Exp $ + * $Id: demux_ts.c,v 1.125 2007/02/08 02:40:22 dsalt Exp $ * * Demultiplexer for MPEG2 Transport Streams. * @@ -2015,11 +2015,12 @@ static int demux_ts_get_optional_data(demux_plugin_t *this_gen, case DEMUX_OPTIONAL_DATA_AUDIOLANG: if (this->audioLang[0]) { - strcpy(str, this->audioLang); + strncpy(str, this->audioLang, XINE_LANG_MAX - 1); + str[XINE_LANG_MAX - 1] = 0; } else { - sprintf(str, "%3i", _x_get_audio_channel(this->stream)); + snprintf(str, XINE_LANG_MAX, "%3i", _x_get_audio_channel(this->stream)); } return DEMUX_OPTIONAL_SUCCESS; @@ -2028,7 +2029,7 @@ static int demux_ts_get_optional_data(demux_plugin_t *this_gen, && this->current_spu_channel < this->no_spu_langs) { memcpy(str, this->spu_langs[this->current_spu_channel].desc.lang, 3); - str[4] = 0; + str[3] = 0; } else if (this->current_spu_channel == -1) { @@ -2036,7 +2037,7 @@ static int demux_ts_get_optional_data(demux_plugin_t *this_gen, } else { - sprintf(str, "%3i", this->current_spu_channel); + snprintf(str, XINE_LANG_MAX, "%3i", this->current_spu_channel); } return DEMUX_OPTIONAL_SUCCESS; diff --git a/src/input/input_dvd.c b/src/input/input_dvd.c index c132bdb04..a8100a063 100644 --- a/src/input/input_dvd.c +++ b/src/input/input_dvd.c @@ -18,7 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: input_dvd.c,v 1.214 2007/01/19 01:05:25 dgp85 Exp $ + * $Id: input_dvd.c,v 1.215 2007/02/08 02:40:23 dsalt Exp $ * */ @@ -1278,7 +1278,7 @@ static int dvd_plugin_get_optional_data (input_plugin_t *this_gen, if(this && this->stream && this->dvdnav) { if(!(dvdnav_is_domain_vts(this->dvdnav))) { - sprintf(data, "%s", "menu"); + strcpy(data, "menu"); if (channel <= 0) return INPUT_OPTIONAL_SUCCESS; else @@ -1297,11 +1297,11 @@ static int dvd_plugin_get_optional_data (input_plugin_t *this_gen, sprintf(data, " %c%c", lang >> 8, lang & 0xff); /* TODO: provide long version in XINE_META_INFO_FULL_LANG */ else - sprintf(data, " %c%c", '?', '?'); + strcpy(data, " ??"); return INPUT_OPTIONAL_SUCCESS; } else { if (channel == -1) { - sprintf(data, "%s", "none"); + strcpy(data, "none"); return INPUT_OPTIONAL_SUCCESS; } } diff --git a/src/input/vcd/xineplug_inp_vcd.c b/src/input/vcd/xineplug_inp_vcd.c index 87b442acd..920b5c1d8 100644 --- a/src/input/vcd/xineplug_inp_vcd.c +++ b/src/input/vcd/xineplug_inp_vcd.c @@ -1,5 +1,5 @@ /* - $Id: xineplug_inp_vcd.c,v 1.52 2006/12/19 19:10:51 dsalt Exp $ + $Id: xineplug_inp_vcd.c,v 1.53 2007/02/08 02:40:23 dsalt Exp $ Copyright (C) 2002, 2003, 2004, 2005 Rocky Bernstein <rocky@panix.com> @@ -1295,7 +1295,7 @@ vcd_get_optional_data (input_plugin_t *this_gen, dbg_print(INPUT_DBG_EXT, "AUDIO CHANNEL = %d\n", channel); if (channel == (uint8_t)-1) { - sprintf(data, " %s", "auto"); + strcpy(data, "auto"); } else { const vcdinfo_obj_t *p_vcdinfo= my_vcd.player.vcd; unsigned int audio_type; @@ -1320,9 +1320,9 @@ vcd_get_optional_data (input_plugin_t *this_gen, channel = (int8_t) _x_get_spu_channel(my_vcd.stream); dbg_print(INPUT_DBG_EXT, "SPU CHANNEL = %d\n", channel); if (-1 == channel) { - sprintf(data, " %s", "auto"); + strcpy(data, "auto"); } else { - sprintf(data, " %1d", channel); + sprintf(data, "%1d", channel); } } |