diff options
| author | Michael Roitzsch <mroi@users.sourceforge.net> | 2004-07-22 14:21:31 +0000 |
|---|---|---|
| committer | Michael Roitzsch <mroi@users.sourceforge.net> | 2004-07-22 14:21:31 +0000 |
| commit | f41851a6fde52ce317547ca361168553b29e2836 (patch) | |
| tree | 4ca9a0f980fe17f7cacd2e220d5e5390bd69051a | |
| parent | deae5222f27a68c36f9c16bd754ea1b492e135e0 (diff) | |
| download | xine-lib-f41851a6fde52ce317547ca361168553b29e2836.tar.gz xine-lib-f41851a6fde52ce317547ca361168553b29e2836.tar.bz2 | |
* font name stored in an unprotected buffer, configuring a long font name
would have caused an overflow
* using strncpy is good, but if the buffer is too short, it leaves the
string unterminated; fixed
CVS patchset: 6834
CVS date: 2004/07/22 14:21:31
| -rw-r--r-- | src/libsputext/xine_decoder.c | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/src/libsputext/xine_decoder.c b/src/libsputext/xine_decoder.c index 94e0c4fcc..8e955ed0a 100644 --- a/src/libsputext/xine_decoder.c +++ b/src/libsputext/xine_decoder.c @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: xine_decoder.c,v 1.84 2004/07/14 18:51:29 valtri Exp $ + * $Id: xine_decoder.c,v 1.85 2004/07/22 14:21:31 mroi Exp $ * */ @@ -295,7 +295,8 @@ static void draw_subtitle(sputext_decoder_t *this, int64_t sub_start, int64_t su update_font_size(this, 0); if( strcmp(this->font, this->class->font) ) { - strcpy(this->font, this->class->font); + strncpy(this->font, this->class->font, FONTNAME_SIZE); + this->font[FONTNAME_SIZE - 1] = '\0'; if( this->renderer ) this->renderer->set_font (this->osd, this->class->font, this->font_size); } @@ -323,14 +324,17 @@ static void draw_subtitle(sputext_decoder_t *this, int64_t sub_start, int64_t su char *p=this->text[line]; for(b=0;b<chunks;b++) { char *c; - if(b==chunks-1) /* if we are reading the last chunk, copy it completly */ + if(b==chunks-1) { /* if we are reading the last chunk, copy it completly */ strncpy(this->text[line+b],p,SUB_BUFSIZE); - else { + this->text[line+b][SUB_BUFSIZE - 1] = '\0'; + } else { for(c=p+(int)(len/chunks)+(len%chunks?1:0);*c!=' ' && c>p && c!='\0';c--); if(*c==' ') { *c='\0'; - if(b) /* we are reading something that has to be moved to another line */ + if(b) { /* we are reading something that has to be moved to another line */ strncpy(this->text[line+b],p,SUB_BUFSIZE); + this->text[line+b][SUB_BUFSIZE - 1] = '\0'; + } p=c+1; } } @@ -361,13 +365,15 @@ static void draw_subtitle(sputext_decoder_t *this, int64_t sub_start, int64_t su char *p=buf; for(b=0;b<chunks;b++) { char *c; - if(b==chunks-1) /* if we are reading the last chunk, copy it completly */ + if(b==chunks-1) { /* if we are reading the last chunk, copy it completly */ strncpy(this->text[b],p,SUB_BUFSIZE); - else { + this->text[b][SUB_BUFSIZE - 1] = '\0'; + } else { for(c=p+(int)(len/chunks)+(len%chunks?1:0);*c!=' ' && c>p && c!='\0';c--); if(*c==' ') { *c='\0'; strncpy(this->text[b],p,SUB_BUFSIZE); + this->text[b][SUB_BUFSIZE - 1] = '\0'; p=c+1; } } @@ -403,14 +409,17 @@ static void draw_subtitle(sputext_decoder_t *this, int64_t sub_start, int64_t su char *p=this->text[line]; for(b=0;b<chunks;b++) { char *c; - if(b==chunks-1) /* if we are reading the last chunk, copy it completly */ + if(b==chunks-1) { /* if we are reading the last chunk, copy it completly */ strncpy(this->text[line+b],p,SUB_BUFSIZE); - else { + this->text[line+b][SUB_BUFSIZE - 1] = '\0'; + } else { for(c=p+(int)(len/chunks)+(len%chunks?1:0);*c!=' ' && c>p && c!='\0';c--); if(*c==' ') { *c='\0'; - if(b) /* we are reading something that has to be moved to another line */ + if(b) { /* we are reading something that has to be moved to another line */ strncpy(this->text[line+b],p,SUB_BUFSIZE); + this->text[line+b][SUB_BUFSIZE - 1] = '\0'; + } p=c+1; } } @@ -441,13 +450,15 @@ static void draw_subtitle(sputext_decoder_t *this, int64_t sub_start, int64_t su char *p=buf; for(b=0;b<chunks;b++) { char *c; - if(b==chunks-1) /* if we are reading the last chunk, copy it completly */ + if(b==chunks-1) { /* if we are reading the last chunk, copy it completly */ strncpy(this->text[b],p,SUB_BUFSIZE); - else { + this->text[b][SUB_BUFSIZE - 1] = '\0'; + } else { for(c=p+(int)(len/chunks)+(len%chunks?1:0);*c!=' ' && c>p && c!='\0';c--); if(*c==' ') { *c='\0'; strncpy(this->text[b],p,SUB_BUFSIZE); + this->text[b][SUB_BUFSIZE - 1] = '\0'; p=c+1; } } @@ -748,7 +759,8 @@ static void update_osd_font(void *class_gen, xine_cfg_entry_t *entry) { sputext_class_t *class = (sputext_class_t *)class_gen; - strcpy(class->font, entry->str_value); + strncpy(class->font, entry->str_value, FONTNAME_SIZE); + class->font[FONTNAME_SIZE - 1] = '\0'; xprintf(class->xine, XINE_VERBOSITY_DEBUG, "libsputext: spu_font = %s\n", class->font ); } @@ -840,13 +852,14 @@ static void *init_spu_decoder_plugin (xine_t *xine, void *data) { _("You can adjust the vertical position of the subtitle. " "The setting will be evaluated relative to the window size."), 0, update_vertical_offset, this); - strcpy(this->font, xine->config->register_string(xine->config, + strncpy(this->font, xine->config->register_string(xine->config, "misc.spu_font", "sans", _("font for subtitles"), _("A font from the xine font directory to be used for the " "subtitle text."), - 10, update_osd_font, this)); + 10, update_osd_font, this), FONTNAME_SIZE); + this->font[FONTNAME_SIZE - 1] = '\0'; this->src_encoding = xine->config->register_string(xine->config, "misc.spu_src_encoding", xine_guess_spu_encoding(), |