diff options
| author | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2007-02-08 02:40:22 +0000 |
|---|---|---|
| committer | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2007-02-08 02:40:22 +0000 |
| commit | e418c1e04f612664164841c297ddb97a0f3135bf (patch) | |
| tree | 8fc36e7a16fd0e482083e45d1ba6d1f3ef1a5742 /src/demuxers | |
| parent | 2e01aa74ccd6a4d559f9b0cea2db95d6ccf7d696 (diff) | |
| download | xine-lib-e418c1e04f612664164841c297ddb97a0f3135bf.tar.gz xine-lib-e418c1e04f612664164841c297ddb97a0f3135bf.tar.bz2 | |
Remove any possibility of strcpy/sprintf overflows wrt front ends requesting
language & subtitle strings (given a buffer of >= XINE_LANG_MAX bytes).
Also fixes an off-by-one buffer termination in the TS code.
(Note: compile-tested only.)
CVS patchset: 8592
CVS date: 2007/02/08 02:40:22
Diffstat (limited to 'src/demuxers')
| -rw-r--r-- | src/demuxers/demux_ogg.c | 6 | ||||
| -rw-r--r-- | src/demuxers/demux_ts.c | 11 |
2 files changed, 8 insertions, 9 deletions
diff --git a/src/demuxers/demux_ogg.c b/src/demuxers/demux_ogg.c index 218728e1b..59ede919b 100644 --- a/src/demuxers/demux_ogg.c +++ b/src/demuxers/demux_ogg.c @@ -19,7 +19,7 @@ */ /* - * $Id: demux_ogg.c,v 1.174 2007/01/23 23:20:23 hadess Exp $ + * $Id: demux_ogg.c,v 1.175 2007/02/08 02:40:22 dsalt Exp $ * * demultiplexer for ogg streams * @@ -1865,9 +1865,7 @@ static int format_lang_string (demux_ogg_t * this, uint32_t buf_mask, uint32_t b for (stream_num=0; stream_num<this->num_streams; stream_num++) { if ((this->si[stream_num]->buf_types & buf_mask) == buf_type) { if (this->si[stream_num]->language) { - strncpy (str, this->si[stream_num]->language, XINE_LANG_MAX); - str[XINE_LANG_MAX - 1] = '\0'; - if (strlen(this->si[stream_num]->language) >= XINE_LANG_MAX) + if (snprintf (str, XINE_LANG_MAX, "%s", this->si[stream_num]->language) >= XINE_LANG_MAX) /* the string got truncated */ str[XINE_LANG_MAX - 2] = str[XINE_LANG_MAX - 3] = str[XINE_LANG_MAX - 4] = '.'; /* TODO: provide long version in XINE_META_INFO_FULL_LANG */ diff --git a/src/demuxers/demux_ts.c b/src/demuxers/demux_ts.c index 99bc486a0..da2c37625 100644 --- a/src/demuxers/demux_ts.c +++ b/src/demuxers/demux_ts.c @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: demux_ts.c,v 1.124 2007/01/19 00:26:40 dgp85 Exp $ + * $Id: demux_ts.c,v 1.125 2007/02/08 02:40:22 dsalt Exp $ * * Demultiplexer for MPEG2 Transport Streams. * @@ -2015,11 +2015,12 @@ static int demux_ts_get_optional_data(demux_plugin_t *this_gen, case DEMUX_OPTIONAL_DATA_AUDIOLANG: if (this->audioLang[0]) { - strcpy(str, this->audioLang); + strncpy(str, this->audioLang, XINE_LANG_MAX - 1); + str[XINE_LANG_MAX - 1] = 0; } else { - sprintf(str, "%3i", _x_get_audio_channel(this->stream)); + snprintf(str, XINE_LANG_MAX, "%3i", _x_get_audio_channel(this->stream)); } return DEMUX_OPTIONAL_SUCCESS; @@ -2028,7 +2029,7 @@ static int demux_ts_get_optional_data(demux_plugin_t *this_gen, && this->current_spu_channel < this->no_spu_langs) { memcpy(str, this->spu_langs[this->current_spu_channel].desc.lang, 3); - str[4] = 0; + str[3] = 0; } else if (this->current_spu_channel == -1) { @@ -2036,7 +2037,7 @@ static int demux_ts_get_optional_data(demux_plugin_t *this_gen, } else { - sprintf(str, "%3i", this->current_spu_channel); + snprintf(str, XINE_LANG_MAX, "%3i", this->current_spu_channel); } return DEMUX_OPTIONAL_SUCCESS; |