Update of /cvsroot/xine/xine-lib/src/input
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3065/src/input
Modified Files:
input_dvd.c
Log Message:
Remove any possibility of strcpy/sprintf overflows wrt front ends requesting
language & subtitle strings (given a buffer of >= XINE_LANG_MAX bytes).
Also fixes an off-by-one buffer termination in the TS code.
(Note: compile-tested only.)
Index: input_dvd.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/input/input_dvd.c,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- input_dvd.c 19 Jan 2007 01:05:25 -0000 1.214
+++ input_dvd.c 8 Feb 2007 02:40:23 -0000 1.215
@@ -1278,7 +1278,7 @@
if(this && this->stream && this->dvdnav) {
if(!(dvdnav_is_domain_vts(this->dvdnav))) {
- sprintf(data, "%s", "menu");
+ strcpy(data, "menu");
if (channel <= 0)
return INPUT_OPTIONAL_SUCCESS;
else
@@ -1297,11 +1297,11 @@
sprintf(data, " %c%c", lang >> 8, lang & 0xff);
/* TODO: provide long version in XINE_META_INFO_FULL_LANG */
else
- sprintf(data, " %c%c", '?', '?');
+ strcpy(data, " ??");
return INPUT_OPTIONAL_SUCCESS;
} else {
if (channel == -1) {
- sprintf(data, "%s", "none");
+ strcpy(data, "none");
return INPUT_OPTIONAL_SUCCESS;
}
}
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Xine-cvslog mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xine-cvslog
