mirror of https://github.com/mpv-player/mpv
11d35b72a6
The size overflow check was inverted: instead of allowing reading only the first dst_size bytes of the property, it allowed copying past the property buffer (as returned by xlib). xlib doesn't return the size of the buffer in bytes, so it has to be computed and checked manually. Wouldn't it be great if C allowed me to write the overflow check in a readable way, so it doesn't trick me into writing dumb security bugs? Relying on X security is even dumber than creating a X security bug, though, so this was not a real problem. But I found that one specific call tried to read more than what the property provided, so reduce that. Also, len*ib obviously can't overflow, so there's an additional layer of dumb to this whole thing. While we're at dumb things, why the hell does xlib use "long" for 32 bit types. It's a god damn pain. |
||
---|---|---|
.. | ||
decode | ||
filter | ||
out | ||
csputils.c | ||
csputils.h | ||
d3d.c | ||
d3d.h | ||
fmt-conversion.c | ||
fmt-conversion.h | ||
hwdec.c | ||
hwdec.h | ||
image_loader.c | ||
image_loader.h | ||
image_writer.c | ||
image_writer.h | ||
img_format.c | ||
img_format.h | ||
mp_image.c | ||
mp_image.h | ||
mp_image_pool.c | ||
mp_image_pool.h | ||
sws_utils.c | ||
sws_utils.h | ||
vaapi.c | ||
vaapi.h | ||
vdpau.c | ||
vdpau.h | ||
vdpau_functions.inc | ||
vdpau_mixer.c | ||
vdpau_mixer.h | ||
zimg.c | ||
zimg.h |