Update of /cvsroot/xine/xine-lib/src/input/libreal
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv7839/src/input/libreal

Modified Files:
        asmrp.c asmrp.h real.c 
Log Message:
Fix buffer overrun reported by Roland Kay with JW's patch. Close bug #1603458.

Index: asmrp.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/input/libreal/asmrp.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- asmrp.c     27 Aug 2004 18:34:16 -0000      1.8
+++ asmrp.c     29 Nov 2006 19:43:01 -0000      1.9
@@ -604,7 +604,7 @@
   return ret;
 }
 
-static int asmrp_eval (asmrp_t *p, int *matches) {
+static int asmrp_eval (asmrp_t *p, int *matches, int matchsize) {
 
   int rule_num, num_matches;
 
@@ -613,7 +613,7 @@
   asmrp_get_sym (p);
 
   rule_num = 0; num_matches = 0;
-  while (p->sym != ASMRP_SYM_EOF) {
+  while (p->sym != ASMRP_SYM_EOF && num_matches < matchsize - 1) {
 
     if (asmrp_rule (p)) {
       lprintf ("rule #%d is true\n", rule_num);
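Review bot: The new loop bound `num_matches < matchsize - 1` is never checked against a non-positive `matchsize`, and stopping early is silent. The `- 1` presumably keeps one slot for a terminator written after the loop; that code is outside this hunk, as are the start and end of asmrp_eval. If so, a caller passing `matchsize` of 0 would still get a write to `matches[0]`. A guard ahead of the loop such as `if (matchsize < 1) return 0;` closes that case. A comment such as `/* last slot of matches[] is reserved; extra rules are dropped */` would record why the bound is one short, and an lprintf when the cap is hit would make truncated rule books visible in debug output.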
@@ -629,7 +629,7 @@
   return num_matches;
 }
 
-int asmrp_match (const char *rules, int bandwidth, int *matches) {
+int asmrp_match (const char *rules, int bandwidth, int *matches, int 
matchsize) {
 
   asmrp_t *p;
   int      num_matches;
@@ -641,7 +641,7 @@
   asmrp_set_id (p, "Bandwidth", bandwidth);
   asmrp_set_id (p, "OldPNMPlayer", 0);
 
-  num_matches = asmrp_eval (p, matches);
+  num_matches = asmrp_eval (p, matches, matchsize);
 
   asmrp_dispose (p);
 

Index: asmrp.h
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/input/libreal/asmrp.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- asmrp.h     9 Dec 2003 00:02:30 -0000       1.2
+++ asmrp.h     29 Nov 2006 19:43:01 -0000      1.3
@@ -37,6 +37,6 @@
 #ifndef HAVE_ASMRP_H
 #define HAVE_ASMRP_H
 
-int asmrp_match (const char *rules, int bandwidth, int *matches) ;
+int asmrp_match (const char *rules, int bandwidth, int *matches, int 
matchesizxe) ;
 
 #endif
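Review bot: The new prototype parameter is spelled `matchesizxe`, while the definition in asmrp.c calls it `matchsize`. The compiler ignores prototype parameter names, so this builds, but the header is the only documentation callers see for the new argument. Rename it to match, and add a one-line comment saying it is the number of elements in `matches` rather than its size in bytes, e.g. `/* matchsize: element count of matches[] */`.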

Index: real.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/input/libreal/real.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- real.c      20 Jun 2006 01:07:58 -0000      1.23
+++ real.c      29 Nov 2006 19:43:01 -0000      1.24
@@ -476,7 +476,7 @@
 
     lprintf("calling asmrp_match with:\n%s\n%u\n", 
desc->stream[i]->asm_rule_book, bandwidth);
 
-    n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches);
+    n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches, 
sizeof(rulematches)/sizeof(rulematches[0]));
     for (j=0; j<n; j++) {
       lprintf("asmrp rule match: %u for stream %u\n", rulematches[j], 
desc->stream[i]->stream_id);
       sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, 
rulematches[j]);
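Review bot: The element count `sizeof(rulematches)/sizeof(rulematches[0])` is only correct while `rulematches` is a true array in this scope; its declaration is outside the hunk. If it is ever changed to a pointer or passed in as a parameter, the expression silently evaluates to a tiny constant and the bound becomes wrong without a compiler error. A named constant shared by the declaration and the call would avoid that, and would also make the `size_t` to `int` conversion explicit. Separately, the `sprintf(b, ...)` on the following context line is still unbounded. If `b` is a fixed array, `snprintf(b, sizeof(b), "stream=%u;rule=%u,", ...)` would keep this loop from depending on the buffer being large enough for two full-width `%u` values.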

