[Mplayerxp-cvslog] SF.net SVN: mplayerxp:[193] mplayerxp

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 193
          http://mplayerxp.svn.sourceforge.net/mplayerxp/?rev=193&view=rev
Author:   nickols_k
Date:     2012-10-24 15:56:40 +0000 (Wed, 24 Oct 2012)
Log Message:
-----------
randomness makes memory exploits harder

Modified Paths:
--------------
    mplayerxp/libao2/audio_out.c
    mplayerxp/libao2/audio_out.h
    mplayerxp/libvo/video_out.c
    mplayerxp/mplayer.c
    mplayerxp/my_malloc.c
    mplayerxp/my_malloc.h

Modified: mplayerxp/libao2/audio_out.c
===================================================================

--- mplayerxp/libao2/audio_out.c	2012-10-24 13:00:34 UTC (rev 192)
+++ mplayerxp/libao2/audio_out.c	2012-10-24 15:56:40 UTC (rev 193)
@@ -202,12 +202,13 @@
     return audio_out->info;
 }
 
-ao_data_t* __FASTCALL__ ao_init(unsigned flags)
+ao_data_t* __FASTCALL__ ao_init(unsigned flags,const char *subdevice)
 {
     ao_data_t* ao;
     int retval;
     ao=malloc(sizeof(ao_data_t));
     memset(ao,0,sizeof(ao_data_t));
+    ao->subdevice=subdevice;
     ao->outburst=OUTBURST;
     ao->buffersize=-1;
     retval = audio_out->init(ao,flags);

Modified: mplayerxp/libao2/audio_out.h
===================================================================
--- mplayerxp/libao2/audio_out.h	2012-10-24 13:00:34 UTC (rev 192)
+++ mplayerxp/libao2/audio_out.h	2012-10-24 15:56:40 UTC (rev 193)
@@ -107,7 +107,7 @@
 extern void		ao_print_help( void );
 extern const ao_functions_t* __FASTCALL__ ao_register(const char *driver_name);
 extern const ao_info_t*	ao_get_info( void );
-extern ao_data_t*	 __FASTCALL__ ao_init(unsigned flags);
+extern ao_data_t*	 __FASTCALL__ ao_init(unsigned flags,const char *subdevice);
 extern int		 __FASTCALL__ ao_configure(ao_data_t* priv,unsigned rate,unsigned channels,unsigned format);
 extern void		ao_uninit(ao_data_t* priv);
 extern void		ao_reset(ao_data_t* priv);

Modified: mplayerxp/libvo/video_out.c
===================================================================
--- mplayerxp/libvo/video_out.c	2012-10-24 13:00:34 UTC (rev 192)
+++ mplayerxp/libvo/video_out.c	2012-10-24 15:56:40 UTC (rev 193)
@@ -33,6 +33,7 @@
 #include "../postproc/swscale.h"
 #include "../postproc/vf.h"
 #include "../dec_ahead.h"
+#include "../my_malloc.h"
 #include "../mplayer.h"
 #include "fastmemcpy.h"
 #include "img_format.h"
@@ -180,7 +181,7 @@
     vo_conf.da_buffs=64;
     vo_conf.WinID=-1;
 
-    vo=malloc(sizeof(vo_data_t));
+    vo=random_malloc(sizeof(vo_data_t),1000);
     memset(vo,0,sizeof(vo_data_t));
     vo->window = None;
     vo->osd_progbar_type=-1;

Modified: mplayerxp/mplayer.c
===================================================================
--- mplayerxp/mplayer.c	2012-10-24 13:00:34 UTC (rev 192)
+++ mplayerxp/mplayer.c	2012-10-24 15:56:40 UTC (rev 193)
@@ -1673,7 +1673,8 @@
     vo_init_osd();
 }
 
-static void mpxp_init_output_subsystems(void) {
+static char * mpxp_init_output_subsystems(void) {
+    char* rs=NULL;
     unsigned i;
     // check video_out driver name:
     if (video_driver)
@@ -1709,9 +1710,8 @@
 
 	    if (audio_driver[i] == ':')
 	    {
-		ao_data->subdevice = malloc(i2-i);
-		if (ao_data->subdevice != NULL)
-		    strncpy(ao_data->subdevice, (char *)(audio_driver+i+1), i2-i);
+		rs = malloc(i2-i);
+		if (rs != NULL)  strncpy(rs, (char *)(audio_driver+i+1), i2-i);
 		audio_driver[i] = '\0';
 	    }
 	}
@@ -1720,6 +1720,7 @@
 	MSG_FATAL(MSGTR_InvalidAOdriver,audio_driver);
 	exit_player(MSGTR_Exit_error);
     }
+    return rs;
 }
 
 static int mpxp_init_vobsub(const char *filename) {
@@ -2398,6 +2399,7 @@
 int main(int argc,char* argv[], char *envp[]){
     int stream_dump_type=0;
     input_state_t input_state = { 0, 0, 0 };
+    char *ao_subdevice;
     char* filename=NULL; //"MI2-Trailer.avi";
     int file_format=DEMUXER_TYPE_UNKNOWN;
 
@@ -2499,7 +2501,7 @@
 	inited_flags|=INITED_GETCH2;
     }
 
-    mpxp_init_output_subsystems();
+    ao_subdevice=mpxp_init_output_subsystems();
     if(filename) MSG_OK(MSGTR_Playing, filename);
 
     forced_subs_only=mpxp_init_vobsub(filename);
@@ -2597,7 +2599,7 @@
 	goto dump_file;
     }
 
-    if(!(ao_data=ao_init(0))) {
+    if(!(ao_data=ao_init(0,ao_subdevice))) {
 	MSG_ERR(MSGTR_CannotInitAO);
 	sh_audio=d_audio->sh=NULL;
     }

Modified: mplayerxp/my_malloc.c
===================================================================
--- mplayerxp/my_malloc.c	2012-10-24 13:00:34 UTC (rev 192)
+++ mplayerxp/my_malloc.c	2012-10-24 15:56:40 UTC (rev 193)
@@ -2,6 +2,7 @@
 
 #include <string.h>
 #include <stdio.h>
+#include <time.h>
 
 any_t*my_malloc(size_t __size)
 {
@@ -100,6 +101,20 @@
 {
   any_t*a;
   a = my_malloc(strlen(s)+1);
-  strcpy(a,s); 
+  strcpy(a,s);
   return a;
 }
+
+any_t* random_malloc(size_t __size,unsigned rnd_limit)
+{
+    any_t* rb,*rnd_buff;
+    static int inited=0;
+    if(!inited) {
+	srand(time(NULL));
+	inited=1;
+    }
+    rnd_buff=malloc(rand()%rnd_limit);
+    rb = malloc(__size);
+    free(rnd_buff);
+    return rb;
+}

Modified: mplayerxp/my_malloc.h
===================================================================
--- mplayerxp/my_malloc.h	2012-10-24 13:00:34 UTC (rev 192)
+++ mplayerxp/my_malloc.h	2012-10-24 15:56:40 UTC (rev 193)
@@ -27,4 +27,7 @@
 #define free(a) my_free(a)
 #endif
 
+/* Randomizing memory objects makes memory exploits harder */
+extern any_t*	random_malloc(size_t __size,unsigned upper_rnd_limit);
+
 #endif

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



