vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Tue Sep 1 21:44:37 2015 +0300| [111382936de269a7c51a05d9f86b943ecd84210b] | committer: Rémi Denis-Courmont
sdp: fix potential read overflow and get rid of info.i_pos > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=111382936de269a7c51a05d9f86b943ecd84210b --- modules/access/sdp.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/modules/access/sdp.c b/modules/access/sdp.c index 5d9ef7a..0da35ba 100644 --- a/modules/access/sdp.c +++ b/modules/access/sdp.c @@ -46,6 +46,7 @@ static int Control (access_t *, int, va_list); struct access_sys_t { + size_t offset; size_t length; char data[]; }; @@ -60,6 +61,7 @@ static int Open (vlc_object_t *obj) return VLC_ENOMEM; /* NOTE: This copy is not really needed. Better safe than sorry. */ + sys->offset = 0; sys->length = len; memcpy (sys->data, access->psz_location, len); @@ -85,22 +87,26 @@ static ssize_t Read (access_t *access, uint8_t *buf, size_t len) { access_sys_t *sys = access->p_sys; - if (access->info.i_pos >= sys->length) + if (sys->offset >= sys->length) { access->info.b_eof = true; return 0; } - if (len > sys->length) - len = sys->length; - memcpy (buf, sys->data + access->info.i_pos, len); - access->info.i_pos += len; + if (len > sys->length - sys->offset) + len = sys->length - sys->offset; + memcpy (buf, sys->data + sys->offset, len); return len; } static int Seek (access_t *access, uint64_t position) { - access->info.i_pos = position; + access_sys_t *sys = access->p_sys; + + if (position > sys->length) + position = sys->length; + + sys->offset = position; access->info.b_eof = false; return VLC_SUCCESS; } @@ -135,6 +141,5 @@ static int Control (access_t *access, int query, va_list args) case ACCESS_SET_PAUSE_STATE: return VLC_SUCCESS; } - (void) access; return VLC_EGENERIC; } _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
