diff --git a/stream/stream_cddb.c b/stream/stream_cddb.c
index 339f8a75f1..76fdaa95b8 100644
--- a/stream/stream_cddb.c
+++ b/stream/stream_cddb.c
@@ -106,7 +106,7 @@ static int read_toc(const char *dev)
 CDROM_TOC toc;
 char device[10];
- sprintf(device, "\\\\.\\%s", dev);
+ snprintf(device, sizeof(device), "\\\\.\\%s", dev);
 drive = CreateFile(device, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, 0);
@@ -305,7 +305,7 @@ static int cddb_http_request(char *command,
 if (reply_parser == NULL || command == NULL || cddb_data == NULL) return -1;
- sprintf(request, "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d",
+ snprintf(request, sizeof(request), "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d",
 cddb_data->freedb_server, command, cddb_data->cddb_hello, cddb_data->freedb_proto_level);
 mp_msg(MSGT_OPEN, MSGL_INFO,"Request[%s]\n", request);
@@ -358,7 +358,7 @@ static int cddb_read_cache(cddb_data_t *cddb_data)
 if (cddb_data == NULL || cddb_data->cache_dir == NULL) return -1;
- sprintf(file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
+ snprintf(file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
 file_fd = open(file_name, O_RDONLY | O_BINARY);
 if (file_fd < 0) {
@@ -419,7 +419,7 @@ static int cddb_write_cache(cddb_data_t *cddb_data)
 }
 }
- sprintf(file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
+ snprintf(file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
 file_fd = creat(file_name, S_IRUSR | S_IWUSR);
 if (file_fd < 0) {
@@ -506,7 +506,7 @@ static int cddb_read_parse(HTTP_header_t *http_hdr, cddb_data_t *cddb_data)
 static int cddb_request_titles(cddb_data_t *cddb_data)
 {
 char command[1024];
- sprintf(command, "cddb+read+%s+%08lx",
+ snprintf(command, sizeof(command), "cddb+read+%s+%08lx",
 cddb_data->category, cddb_data->disc_id);
 return cddb_http_request(command, cddb_read_parse, cddb_data);
 }
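Review bot: The return value of the new `snprintf` in `read_toc` is ignored, so a `dev` that does not fit in `char device[10]` is silently truncated and the shortened name is what reaches `CreateFile`. Truncation is safer than the old overflow, but it should be treated as an error rather than acted on: `int n = snprintf(device, sizeof(device), "\\\\.\\%s", dev);` followed by `if (n < 0 || (size_t)n >= sizeof(device)) return -1;`. The same unchecked pattern appears in `cddb_http_request` (a cut-off URL is sent), in `cddb_read_cache` and `cddb_write_cache` (a cut-off path goes to `open`/`creat`), and in `cddb_request_titles`, `cddb_create_hello` and the `command` buffer of `cddb_retrieve`. These function bodies continue outside the hunks, so the exact error path (message, cleanup) has to be matched to each one.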
@@ -671,7 +671,8 @@ static void cddb_create_hello(cddb_data_t *cddb_data)
 }
 user_name = getenv("LOGNAME");
 }
- sprintf(cddb_data->cddb_hello, "&hello=%s+%s+%s",
+ snprintf(cddb_data->cddb_hello, sizeof(cddb_data->cddb_hello),
+ "&hello=%s+%s+%s",
 user_name, host_name, mplayer_version);
 }
@@ -684,8 +685,9 @@ static int cddb_retrieve(cddb_data_t *cddb_data)
 ptr = offsets;
 for (i = 0; i < cddb_data->tracks ; i++) {
- ptr += sprintf(ptr, "%d+", cdtoc[i].frame);
- if (ptr-offsets > sizeof offsets - 40) break;
+ unsigned space = sizeof(offsets) - (ptr - offsets);
+ if (space < 40) break;
+ ptr += snprintf(ptr, space, "%d+", cdtoc[i].frame);
 }
 ptr[0] = 0;
 time_len = (cdtoc[cddb_data->tracks].frame)/75;
@@ -700,7 +702,7 @@ static int cddb_retrieve(cddb_data_t *cddb_data)
 return -1;
 }
- sprintf(command, "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id,
+ snprintf(command, sizeof(command), "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id,
 cddb_data->tracks, offsets, time_len);
 ret = cddb_http_request(command, cddb_query_parse, cddb_data);
 if (ret < 0)
@@ -750,13 +752,13 @@ int cddb_resolve(const char *dev, char **xmcd_file)
 if (home_dir == NULL) {
 cddb_data.cache_dir = NULL;
 } else {
- cddb_data.cache_dir = malloc(strlen(home_dir)
- + strlen(cddb_cache_dir) + 1);
+ unsigned len = strlen(home_dir) + strlen(cddb_cache_dir) + 1;
+ cddb_data.cache_dir = malloc(len);
 if (cddb_data.cache_dir == NULL) {
 mp_tmsg(MSGT_DEMUX, MSGL_ERR, "Memory allocation failed.\n");
 return -1;
 }
- sprintf(cddb_data.cache_dir, "%s%s", home_dir, cddb_cache_dir);
+ snprintf(cddb_data.cache_dir, len, "%s%s", home_dir, cddb_cache_dir);
 }
 } // Check for a cached file
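Review bot: `user_name` may still be NULL when it reaches the `%s` in the new `snprintf` of `cddb_create_hello`, because the last assignment visible in the hunk is `user_name = getenv("LOGNAME");` and nothing after it checks the result; passing NULL for `%s` is undefined behaviour. A fallback before the call would close that, e.g. `if (user_name == NULL) user_name = "unknown";` (constructed placeholder value, use whatever the project prefers). The start of the function is outside the hunk, so an earlier guard, or a check on `host_name`, may exist that is not visible here. Both values are also copied into the query string unescaped, so a space or `&` in either would alter the request that `cddb_http_request` builds from `cddb_hello`.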
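Review bot: When `space < 40` the loop in `cddb_retrieve` only breaks, so `offsets` ends up with fewer entries than `cddb_data->tracks`, yet the later `snprintf(command, ...)` still sends the full track count next to the shortened list. Failing at that point, for instance `if (space < 40) return -1;`, would avoid issuing an inconsistent query; the behaviour predates this commit, but the rewritten loop is the natural place to fix it. `space` would also be better declared as `size_t`, matching the `sizeof` it is computed from. The declaration of `offsets` and the rest of the function are outside the hunk, so any cleanup needed before returning is not visible here.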
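Review bot: `unsigned len = strlen(home_dir) + strlen(cddb_cache_dir) + 1;` in `cddb_resolve` narrows a `size_t` sum to `unsigned`; declare it `size_t len` so the value given to `malloc` and to `snprintf` is the one that was computed. Because the bound is now taken from `len`, a wrapped value would only truncate `cache_dir` rather than overflow it, so this is a robustness and style point, not a memory-safety one. `cddb_resolve` starts and ends outside the hunk.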