[gtpd-cvs] SF.net SVN: gtkpod:[2341] libgpod/trunk

Sat, 02 May 2009 12:00:53 -0700 

Revision: 2341
          http://gtkpod.svn.sourceforge.net/gtkpod/?rev=2341&view=rev
Author:   teuf
Date:     2009-05-02 19:00:30 +0000 (Sat, 02 May 2009)

Log Message:
-----------
Make sure that stack allocated arrays are not overrun.

The array db only has 2 entries. So indexing at 2 and 3 is
out of bounds.

Modified Paths:
--------------
    libgpod/trunk/ChangeLog
    libgpod/trunk/src/itdb_itunesdb.c

Modified: libgpod/trunk/ChangeLog
===================================================================
--- libgpod/trunk/ChangeLog     2009-05-02 19:00:14 UTC (rev 2340)
+++ libgpod/trunk/ChangeLog     2009-05-02 19:00:30 UTC (rev 2341)
@@ -2,6 +2,13 @@
 
        Patch from: Erik Hovland <[email protected]>
 
+       * src/itdb_itunesdb.c: don't access out of 'db' bounds when
+       building the pathname in an error case
+
+2009-05-02  Christophe Fergeau  <[email protected]>
+
+       Patch from: Erik Hovland <[email protected]>
+
        * src/db-image-parser.c:
        * src/itdb_chapterdata.c:
        * src/itdb_itunesdb.c:

Modified: libgpod/trunk/src/itdb_itunesdb.c
===================================================================
--- libgpod/trunk/src/itdb_itunesdb.c   2009-05-02 19:00:14 UTC (rev 2340)
+++ libgpod/trunk/src/itdb_itunesdb.c   2009-05-02 19:00:30 UTC (rev 2341)
@@ -3035,7 +3035,7 @@
     }
     else
     {
-       gchar *str = g_build_filename (mp, db[0], db[1], db[2], db[3], NULL);
+       gchar *str = g_build_filename (mp, itunes_dir, db[0], NULL);
        g_set_error (error,
                     ITDB_FILE_ERROR,
                     ITDB_FILE_ERROR_NOTFOUND,


This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
gtkpod-cvs2 mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/gtkpod-cvs2

Reply via email to