[MPlayer-cvslog] r23728 - trunk/libdvdcss/libdvdcss.c
iive
subversion at mplayerhq.hu
Sat Jul 7 01:22:51 CEST 2007
Author: iive
Date: Sat Jul 7 01:22:51 2007
New Revision: 23728
Log:
Fix crash on some DVDs
sprintf(tmp,"%.02x",(char)0xef); would print "ffffffef" instead of "ef",
in this case this leads to local array buffer overflow and hard to trace stack corruption.
The quick, easy & durty solution is to use (unsigned char) or (uint8_t)
Fixes Bugzilla 860 & 845
Modified:
trunk/libdvdcss/libdvdcss.c
Modified: trunk/libdvdcss/libdvdcss.c
==============================================================================
--- trunk/libdvdcss/libdvdcss.c (original)
+++ trunk/libdvdcss/libdvdcss.c Sat Jul 7 01:22:51 2007
@@ -404,7 +404,8 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open (
uint8_t p_sector[DVDCSS_BLOCK_SIZE];
char psz_debug[PATH_MAX + 30];
char psz_key[1 + KEY_SIZE * 2 + 1];
- char *psz_title, *psz_serial;
+ char *psz_title;
+ uint8_t *psz_serial;
int i;
/* We read sector 0. If it starts with 0x000001ba (BE), we are
@@ -462,7 +463,7 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open (
}
/* Get the date + serial */
- psz_serial = (char *)p_sector + 813;
+ psz_serial = p_sector + 813;
psz_serial[16] = '\0';
/* Check that all characters are digits, otherwise convert. */
More information about the MPlayer-cvslog
mailing list