[Mplayer-cvslog] CVS: main/libmpdemux cddb.c,1.15,1.16

Richard Felker CVS syncmail at mplayerhq.hu
Mon Apr 26 11:33:38 CEST 2004


CVS change done by Richard Felker CVS

Update of /cvsroot/mplayer/main/libmpdemux
In directory mail:/var2/tmp/cvs-serv14186/libmpdemux

Modified Files:
	cddb.c 
Log Message:
potentially exploitable buffer overflow with maliciously crafted cd toc

Index: cddb.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpdemux/cddb.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- cddb.c	17 Feb 2004 12:30:44 -0000	1.15
+++ cddb.c	26 Apr 2004 09:33:35 -0000	1.16
@@ -587,6 +587,7 @@
 	ptr = offsets;
 	for( i=0; i<cddb_data->tracks ; i++ ) {
 		ptr += sprintf(ptr, "%d+", cdtoc[i].frame );
+		if (ptr-offsets > sizeof offsets - 40) break;
 	}
 	ptr[0]=0;
 	time_len = (cdtoc[cddb_data->tracks].frame)/75;




More information about the MPlayer-cvslog mailing list