[MPlayer-users] Bugreport SIGSEGV => get_path()

Martin Oberzalek kingleo at gmx.at
Mon Jan 5 09:09:31 CET 2004 

Hello, I found a bug:

MPlayer 1.0pre3-2.95.3 on Linux (SuSE 8.0 Athlon Thunderbird 800MHz)

# mplayer.c
...
1622 #ifdef USE_SUB
1623 if(sh_video) {
1624 // after reading video params we should load subtitles because
1625 // we know fps so now we can adjust subtitles time to ~6 seconds AST
1626 // check .sub
1627   current_module="read_subtitles_file";
1628   if(sub_name){
1629     for (i = 0; sub_name[i] != NULL; ++i) 
1630         add_subtitles (sub_name[i], sh_video->fps, 0); 
1631   } 
1632   if(sub_auto) { // auto load sub file ...
1633     char **tmp = sub_filenames(get_path("sub/"), filename); /* <==== */
1634     char **tmp2 = tmp;
1635     while (*tmp2)
1636         add_subtitles (*tmp2++, sh_video->fps, 0);
...

# subreader.c
1640 char** sub_filenames(char* path, char *fname)
1641 {
1642   
...
1656 
1657     len = (strlen(fname) > 256 ? strlen(fname) : 256)
1658         +(strlen(path) > 256 ? strlen(path) : 256)+2; /* <=== BOOOOOM */
1659 
1660     f_dir = (char*)malloc(len);
1661     f_fname = (char*)malloc(len);
1662     f_fname_noext = (char*)malloc(len);
1663     f_fname_trim = (char*)malloc(len);
1664 

get_path() can return NULL. And at line mplayer.c:1633 this isn't checked, so 
at line subreader.c:1658 strlen() is called on a NULL pointer and mplayer 
crashes.

get_path() returns NULL if $HOME is not set. And this is the case if you call 
mplayer via apache => php => exec().

The bug can be triggered by using following program:
(I do not know a shell command which does the same)
/************* execle ****************/
#include <unistd.h>

int main( int argc, char **argv )
{
   char *env[] = { NULL };

   return execle( argv[1], argv[1], argv[2], 0, env );
}
/************** execle ***************/

and calling mplayer this way:

./execle /usr/local/bin/mplayer test.avi

Greetings, Martin!

-- 
Das ist keine fehlerhafte Rechtschreibung, sondern .. aehm.. modifizierte
Huffmann Codierung. Nur weil du das nicht lesen kannst ist es nicht 
falsch! :)
                                   Szomraky Stefan in at.linux

More information about the MPlayer-users mailing list