Update of /cvsroot/xine/xine-lib/src/input/vcd
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3065/src/input/vcd
Modified Files:
xineplug_inp_vcd.c
Log Message:
Remove any possibility of strcpy/sprintf overflows wrt front ends requesting
language & subtitle strings (given a buffer of >= XINE_LANG_MAX bytes).
Also fixes an off-by-one buffer termination in the TS code.
(Note: compile-tested only.)
Index: xineplug_inp_vcd.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/input/vcd/xineplug_inp_vcd.c,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- xineplug_inp_vcd.c 19 Dec 2006 19:10:51 -0000 1.52
+++ xineplug_inp_vcd.c 8 Feb 2007 02:40:23 -0000 1.53
@@ -1295,7 +1295,7 @@
dbg_print(INPUT_DBG_EXT, "AUDIO CHANNEL = %d\n", channel);
if (channel == (uint8_t)-1) {
- sprintf(data, " %s", "auto");
+ strcpy(data, "auto");
} else {
const vcdinfo_obj_t *p_vcdinfo= my_vcd.player.vcd;
unsigned int audio_type;
@@ -1320,9 +1320,9 @@
channel = (int8_t) _x_get_spu_channel(my_vcd.stream);
dbg_print(INPUT_DBG_EXT, "SPU CHANNEL = %d\n", channel);
if (-1 == channel) {
- sprintf(data, " %s", "auto");
+ strcpy(data, "auto");
} else {
- sprintf(data, " %1d", channel);
+ sprintf(data, "%1d", channel);
}
}
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Xine-cvslog mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xine-cvslog
