VDR uses the construct "strcpy(s, s + 1)" in plugin arguments processing for
stripping first character of s. However, as per strcpy man page, the source
and destination strings may not overlap.
There are a couple of ways to fix them, but the attached patch simply changes
them to "memmove(s, s + 1, strlen(s))". The patch applies both to 1.7.10 and
1.6.0.
This fixes plugin arguments corruption with glibc 2.11 on x86_64.
--
Anssi Hannula
Index: vdr-1.7.10/plugin.c
===================================================================
--- vdr-1.7.10/plugin.c
+++ vdr-1.7.10/plugin.c 2010-01-06 12:47:43.396957257 +0200
@@ -172,15 +172,15 @@
static char *SkipQuote(char *s)
{
char c = *s;
- strcpy(s, s + 1);
+ memmove(s, s + 1, strlen(s));
while (*s && *s != c) {
if (*s == '\\')
- strcpy(s, s + 1);
+ memmove(s, s + 1, strlen(s));
if (*s)
s++;
}
if (*s) {
- strcpy(s, s + 1);
+ memmove(s, s + 1, strlen(s));
return s;
}
esyslog("ERROR: missing closing %c", c);
@@ -215,7 +215,7 @@
if (!q)
q = p;
switch (*p) {
- case '\\': strcpy(p, p + 1);
+ case '\\': memmove(p, p + 1, strlen(p));
if (*p)
p++;
else {
_______________________________________________
vdr mailing list
vdr@linuxtv.org
http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
