From 8c3a19d8a8ecb66ac94a5b483928f65f6614006d Mon Sep 17 00:00:00 2001 From: rtogni Date: Sun, 20 Jan 2008 20:58:02 +0000 Subject: [PATCH] Prevent possible buffer overflow on album_title[] Based on a patch by Adam Bozanich abozanich musecurity com git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@25824 b3059339-0415-0410-9bf9-f77b7e298cf2 --- stream/stream_cddb.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/stream/stream_cddb.c b/stream/stream_cddb.c index f3c2410b8d..baabccac59 100644 --- a/stream/stream_cddb.c +++ b/stream/stream_cddb.c @@ -58,6 +58,7 @@ #include "version.h" #include "stream.h" #include "network.h" +#include "libavutil/intreadwrite.h" #define DEFAULT_FREEDB_SERVER "freedb.freedb.org" #define DEFAULT_CACHE_DIR "/.cddb/" @@ -503,8 +504,9 @@ cddb_parse_matches_list(HTTP_header_t *http_hdr, cddb_data_t *cddb_data) { } else { len = ptr2-ptr+1; } + len = FFMIN(sizeof(album_title) - 1, len); strncpy(album_title, ptr, len); - album_title[len-2]='\0'; + album_title[len]='\0'; } mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title); return 0; @@ -540,8 +542,9 @@ cddb_query_parse(HTTP_header_t *http_hdr, cddb_data_t *cddb_data) { } else { len = ptr2-ptr+1; } + len = FFMIN(sizeof(album_title) - 1, len); strncpy(album_title, ptr, len); - album_title[len-2]='\0'; + album_title[len]='\0'; } mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title); return cddb_request_titles(cddb_data);