vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Mon Nov 17 18:33:02 2014 +0200| [dee1ccf02c28d4fa02f8b813b37cc0462d57d95d] | committer: Rémi Denis-Courmont
gvp: fix leaks and integer overflow on multi-lines > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=dee1ccf02c28d4fa02f8b813b37cc0462d57d95d --- modules/demux/playlist/gvp.c | 73 +++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 43 deletions(-) diff --git a/modules/demux/playlist/gvp.c b/modules/demux/playlist/gvp.c index 5b17967..e28e09b 100644 --- a/modules/demux/playlist/gvp.c +++ b/modules/demux/playlist/gvp.c @@ -97,13 +97,13 @@ int Import_GVP( vlc_object_t *p_this ) static int Demux( demux_t *p_demux ) { char *psz_line; - char *psz_attrvalue; char *psz_version = NULL; char *psz_url = NULL; char *psz_docid = NULL; char *psz_title = NULL; - char *psz_description = NULL; + char *psz_desc = NULL; + size_t desclen = 0; input_item_t *p_input; input_item_t *p_current_input = GetCurrentItem(p_demux); @@ -118,54 +118,41 @@ static int Demux( demux_t *p_demux ) free( psz_line ); continue; } - psz_attrvalue = strchr( psz_line, ':' ); - if( !psz_attrvalue ) + + char *value = strchr( psz_line, ':' ); + if( value == NULL ) { msg_Dbg( p_demux, "Unable to parse line (%s)", psz_line ); free( psz_line ); continue; } - *psz_attrvalue = '\0'; - psz_attrvalue++; - if( !strcmp( psz_line, "gvp_version" ) ) - { - psz_version = strdup( psz_attrvalue ); - } - else if( !strcmp( psz_line, "url" ) ) - { - psz_url = strdup( psz_attrvalue ); - } - else if( !strcmp( psz_line, "docid" ) ) - { - psz_docid = strdup( psz_attrvalue ); - } + *(value++) = '\0'; + + size_t len = strlen( value ); + if( len > 0 && value[len - 1] == '\r' ) + value[--len] = '\0'; /* strip trailing CR */ + + if( psz_version == NULL && !strcmp( psz_line, "gvp_version" ) ) + psz_version = strdup( value ); + else if( psz_url == NULL && !strcmp( psz_line, "url" ) ) + psz_url = strdup( value ); + else if( psz_docid == NULL && !strcmp( psz_line, "docid" ) ) + psz_docid = strdup( value ); else if( !strcmp( psz_line, "duration" ) ) /*atoi( psz_attrvalue )*/; - else if( !strcmp( psz_line, "title" ) ) + else if( psz_title == NULL && !strcmp( psz_line, "title" ) ) + psz_title = strdup( value ); + else if( !strcmp( psz_line, "description" ) + && desclen < 32768 && len < 32768 ) { - psz_title = strdup( psz_attrvalue ); - } - else if( !strcmp( psz_line, "description" ) ) - { - char *buf; - if( !psz_description ) - { - psz_description = strdup( psz_attrvalue ); - } - else - { - /* handle multi-line descriptions */ - if( asprintf( &buf, "%s\n%s", psz_description, psz_attrvalue ) == -1 ) - buf = NULL; - free( psz_description ); - psz_description = buf; - } - /* remove ^M char at the end of the line (if any) */ - buf = psz_description + strlen( psz_description ); - if( buf != psz_description ) + char *buf = realloc( psz_desc, desclen + 1 + len + 1 ); + if( buf != NULL ) { - buf--; - if( *buf == '\r' ) *buf = '\0'; + if( desclen > 0 ) + buf[desclen++] = '\n'; + memcpy( buf + desclen, value, len + 1 ); + desclen += len; + psz_desc = buf; } } free( psz_line ); @@ -182,7 +169,7 @@ static int Demux( demux_t *p_demux ) p_input, _("Google Video"), type, "%s", field ) ; } SADD_INFO( "gvp_version", psz_version ); SADD_INFO( "docid", psz_docid ); - SADD_INFO( "description", psz_description ); + SADD_INFO( "description", psz_desc ); input_item_node_AppendItem( p_subitems, p_input ); vlc_gc_decref( p_input ); } @@ -195,7 +182,7 @@ static int Demux( demux_t *p_demux ) free( psz_url ); free( psz_docid ); free( psz_title ); - free( psz_description ); + free( psz_desc ); return 0; /* Needed for correct operation of go back */ } _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
