potentially exploitable buffer overflow with maliciously crafted cd toc

git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@12290 b3059339-0415-0410-9bf9-f77b7e298cf2
2025-02-20 14:56:55 +00:00 · 2004-04-26 09:33:35 +00:00 · 2004-04-26 09:33:35 +00:00 · b04d1313a8
commit b04d1313a8
parent d574a77cf3
1 changed files with 1 additions and 0 deletions
--- a/libmpdemux/cddb.c
+++ b/libmpdemux/cddb.c
@ -587,6 +587,7 @@ cddb_retrieve(cddb_data_t *cddb_data) {
 	ptr = offsets;
 	for( i=0; i<cddb_data->tracks ; i++ ) {
 		ptr += sprintf(ptr, "%d+", cdtoc[i].frame );
+		if (ptr-offsets > sizeof offsets - 40) break;
 	}
 	ptr[0]=0;
 	time_len = (cdtoc[cddb_data->tracks].frame)/75;