RepoMirrors
/
mpv
mirror of https://github.com/mpv-player/mpv
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix crash on some DVDs 

sprintf(tmp,"%.02x",(char)0xef); would print "ffffffef" instead of "ef",
in this case this leads to local array buffer overflow and hard to trace stack corruption.
The quick, easy & durty solution is to use (unsigned char) or (uint8_t)
Fixes Bugzilla 860 & 845


git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@23728 b3059339-0415-0410-9bf9-f77b7e298cf2
This commit is contained in:
iive 2007-07-06 23:22:51 +00:00
parent 7138540983
commit fd11b253b9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libdvdcss/libdvdcss.c
View File

@ -404,7 +404,8 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
uint8_t p_sector[DVDCSS_BLOCK_SIZE];
char psz_debug[PATH_MAX + 30];
char psz_key[1 + KEY_SIZE * 2 + 1];
char *psz_title, *psz_serial;
char *psz_title;
uint8_t *psz_serial;
int i;
/* We read sector 0. If it starts with 0x000001ba (BE), we are
@ -462,7 +463,7 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
}
/* Get the date + serial */
psz_serial = (char *)p_sector + 813;
psz_serial = p_sector + 813;
psz_serial[16] = '\0';
/* Check that all characters are digits, otherwise convert. */