Update of /cvsroot/xine/xine-lib/src/demuxers
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3065/src/demuxers

Modified Files:
        demux_ogg.c demux_ts.c 
Log Message:
Remove any possibility of strcpy/sprintf overflows wrt front ends requesting
language & subtitle strings (given a buffer of >= XINE_LANG_MAX bytes).
Also fixes an off-by-one buffer termination in the TS code.
(Note: compile-tested only.)

Index: demux_ogg.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/demuxers/demux_ogg.c,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175
--- demux_ogg.c 23 Jan 2007 23:20:23 -0000      1.174
+++ demux_ogg.c 8 Feb 2007 02:40:22 -0000       1.175
@@ -1865,9 +1865,7 @@
   for (stream_num=0; stream_num<this->num_streams; stream_num++) {
     if ((this->si[stream_num]->buf_types & buf_mask) == buf_type) {
       if (this->si[stream_num]->language) {
-        strncpy (str, this->si[stream_num]->language, XINE_LANG_MAX);
-        str[XINE_LANG_MAX - 1] = '\0';
-        if (strlen(this->si[stream_num]->language) >= XINE_LANG_MAX)
+        if (snprintf (str, XINE_LANG_MAX, "%s", 
this->si[stream_num]->language) >= XINE_LANG_MAX)
           /* the string got truncated */
           str[XINE_LANG_MAX - 2] = str[XINE_LANG_MAX - 3] = str[XINE_LANG_MAX 
- 4] = '.';
         /* TODO: provide long version in XINE_META_INFO_FULL_LANG */
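Review bot: Every write in this branch is bounded by XINE_LANG_MAX, but nothing in the visible code states that the caller must supply a buffer of at least that size; the contract appears only in the commit message. A comment next to the copy, such as `/* str must point to at least XINE_LANG_MAX bytes (caller contract) */`, would keep the assumption reviewable. The same applies to the audio-language and SPU-language branches changed in demux_ts.c. The enclosing function starts outside the hunk, so it cannot be checked here whether the size is already documented.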

Index: demux_ts.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/demuxers/demux_ts.c,v
retrieving revision 1.124
retrieving revision 1.125
diff -u -r1.124 -r1.125
--- demux_ts.c  19 Jan 2007 00:26:40 -0000      1.124
+++ demux_ts.c  8 Feb 2007 02:40:22 -0000       1.125
@@ -2015,11 +2015,12 @@
     case DEMUX_OPTIONAL_DATA_AUDIOLANG:
       if (this->audioLang[0])
        {
-         strcpy(str, this->audioLang);
+         strncpy(str, this->audioLang, XINE_LANG_MAX - 1);
+         str[XINE_LANG_MAX - 1] = 0;
        }
       else
        {
-         sprintf(str, "%3i", _x_get_audio_channel(this->stream));
+         snprintf(str, XINE_LANG_MAX, "%3i", 
_x_get_audio_channel(this->stream));
        }
       return DEMUX_OPTIONAL_SUCCESS;
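Review bot: The audio-language copy uses `strncpy` plus a manual terminator, while the fallback branch just below it and the demux_ogg.c change in the same commit use `snprintf`. The result is bounded and terminated, but `strncpy` zero-pads the rest of the buffer and gives no truncation signal, and the two-step form is easy to get wrong in a later edit. `snprintf(str, XINE_LANG_MAX, "%s", this->audioLang);` would do both in one call and match the other call sites. The enclosing switch starts outside the hunk, so the declaration of `str` is not visible here.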
 
@@ -2028,7 +2029,7 @@
          && this->current_spu_channel < this->no_spu_langs)
        {
          memcpy(str, this->spu_langs[this->current_spu_channel].desc.lang, 3);
-         str[4] = 0;
+         str[3] = 0;
        }
       else if (this->current_spu_channel == -1)
        {
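Review bot: The copy length in `memcpy(..., 3)` and the terminator index in `str[3] = 0` are two independent literals, which is how the off-by-one fixed here could arise. Deriving both from one named constant for the language-code length would keep them from drifting apart again. If `desc.lang` is a fixed-size array, its `sizeof` might serve, but its declaration is not visible in this hunk. The condition that opens this branch begins above the hunk.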
@@ -2036,7 +2037,7 @@
        }
       else
        {
-         sprintf(str, "%3i", this->current_spu_channel);
+         snprintf(str, XINE_LANG_MAX, "%3i", this->current_spu_channel);
        }
       return DEMUX_OPTIONAL_SUCCESS;
 

