[MPlayer-dev-eng] [PATCH] Do not use non-literal arguments for mp_msg format string
Alexander Strasser
eclipse7 at gmx.net
Sun Jan 26 01:30:17 CET 2014
Make the code easier to review and more robust against
future changes.
Fix ticket #2173
Signed-off-by: Alexander Strasser <eclipse7 at gmx.net>
---
The occurrence in gui/interface.c could actually be
security relevant. I didn't investigate deeply and only
had a quick look at the invocation of gmp_msg, where I
think there is at least one that accepts user-controlled
data. That could be used to craft something that gets
interpreted by implementation of the function that is
evaluating the strings as a format string which means
possibilities depend on the exact implementation used.
gui/interface.c | 2 +-
stream/stream_radio.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/gui/interface.c b/gui/interface.c
index 6e2387e..fdd6db4 100644
--- a/gui/interface.c
+++ b/gui/interface.c
@@ -1183,7 +1183,7 @@ void gmp_msg(int mod, int lev, const char *format, ...)
vsnprintf(msg, sizeof(msg), format, va);
va_end(va);
- mp_msg(mod, lev, msg);
+ mp_msg(mod, lev, "%s", msg);
if (mp_msg_test(mod, lev))
gtkMessageBox(MSGBOX_FATAL, msg);
diff --git a/stream/stream_radio.c b/stream/stream_radio.c
index afbea43..a91c051 100644
--- a/stream/stream_radio.c
+++ b/stream/stream_radio.c
@@ -1138,7 +1138,7 @@ static int open_s(stream_t *stream,int mode, void* opts, int* file_format) {
mp_msg(MSGT_RADIO,MSGL_V,"\n");
if(priv->driver)
- mp_msg(MSGT_RADIO, MSGL_INFO, priv->driver->info);
+ mp_msg(MSGT_RADIO, MSGL_INFO, "%s", priv->driver->info);
else{
mp_msg(MSGT_RADIO, MSGL_INFO, MSGTR_RADIO_DriverUnknownStr,priv->radio_param->driver);
close_s(stream);
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20140126/971ae7ed/attachment.asc>
More information about the MPlayer-dev-eng
mailing list