From: Darren S. <ds...@us...> - 2007-02-08 02:40:24
Update of /cvsroot/xine/xine-lib/src/input In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3065/src/input Modified Files: input_dvd.c Log Message: Remove any possibility of strcpy/sprintf overflows wrt front ends requesting language & subtitle strings (given a buffer of >= XINE_LANG_MAX bytes). Also fixes an off-by-one buffer termination in the TS code. (Note: compile-tested only.)
Index: input_dvd.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/input/input_dvd.c,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- input_dvd.c 19 Jan 2007 01:05:25 -0000 1.214
+++ input_dvd.c 8 Feb 2007 02:40:23 -0000 1.215
@@ -1278,7 +1278,7 @@
 if(this && this->stream && this->dvdnav) {
 if(!(dvdnav_is_domain_vts(this->dvdnav))) {
- sprintf(data, "%s", "menu");
+ strcpy(data, "menu");
 if (channel <= 0)
 return INPUT_OPTIONAL_SUCCESS;
 else
@@ -1297,11 +1297,11 @@
 sprintf(data, " %c%c", lang >> 8, lang & 0xff);
 /* TODO: provide long version in XINE_META_INFO_FULL_LANG */
 else
- sprintf(data, " %c%c", '?', '?');
+ strcpy(data, " ??");
 return INPUT_OPTIONAL_SUCCESS;
 } else {
 if (channel == -1) {
- sprintf(data, "%s", "none");
+ strcpy(data, "none");
 return INPUT_OPTIONAL_SUCCESS;
 }
 }
|
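Review bot: The `strcpy(data, "menu");` added here, like `strcpy(data, " ??");` and `strcpy(data, "none");` in the next hunk, is still an unbounded write into a caller-owned buffer. It stores the same bytes the `sprintf` did, so its safety rests on the "buffer of >= XINE_LANG_MAX bytes" contract from the log message, which nothing in the visible code states or checks. I would record that contract at the writes, e.g. `/* data: caller buffer of at least XINE_LANG_MAX bytes; every string written here must fit */`, or bound the copy with `snprintf(data, XINE_LANG_MAX, "%s", "menu");` so a later, longer string cannot exceed it unnoticed. The enclosing function starts and ends outside the hunk, so the declaration of `data` is not visible and its size is taken from the log message.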
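Review bot: The one formatted write left in the second hunk, `sprintf(data, " %c%c", lang >> 8, lang & 0xff);`, passes both bytes of `lang` to the front end unchecked. Its length is fixed at four bytes including the terminator, so this is not an overflow. However, if `lang` is read from the disc (its assignment is outside the hunk), a malformed title could put control or non-ASCII bytes into a string that front ends display or log. Extending the condition that selects this branch with `isalpha(lang >> 8) && isalpha(lang & 0xff)` (from `<ctype.h>`) would send anything else to the `" ??"` branch. The `if` that this `else` belongs to starts above the hunk, so the existing condition is not visible here.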