[Mplayer-cvslog] CVS: main/libmpdemux cddb.c,1.15,1.16
Richard Felker CVS
syncmail at mplayerhq.hu
Mon Apr 26 11:33:38 CEST 2004
CVS change done by Richard Felker CVS
Update of /cvsroot/mplayer/main/libmpdemux
In directory mail:/var2/tmp/cvs-serv14186/libmpdemux
Modified Files:
cddb.c
Log Message:
potentially exploitable buffer overflow with maliciously crafted cd toc
Index: cddb.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpdemux/cddb.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- cddb.c 17 Feb 2004 12:30:44 -0000 1.15
+++ cddb.c 26 Apr 2004 09:33:35 -0000 1.16
@@ -587,6 +587,7 @@
ptr = offsets;
for( i=0; i<cddb_data->tracks ; i++ ) {
ptr += sprintf(ptr, "%d+", cdtoc[i].frame );
+ if (ptr-offsets > sizeof offsets - 40) break;
}
ptr[0]=0;
time_len = (cdtoc[cddb_data->tracks].frame)/75;
More information about the MPlayer-cvslog
mailing list