[MPlayer-dev-eng] [PATCH 2/4] String handling audit/cleanup take 2
Nicholas Kain
njkain at gmail.com
Fri Mar 2 23:30:09 CET 2007
On 3/2/07, Nicholas Kain <njkain at gmail.com> wrote:
> I'll attempt to thread the messages beneath this one, barring any smtp delays.
Patch for the stream subdir.
-------------- next part --------------
--- stream/asf_streaming.c.orig 2007-03-02 11:13:36.000000000 -0500
+++ stream/asf_streaming.c 2007-03-02 13:50:05.000000000 -0500
@@ -584,16 +584,16 @@ static HTTP_header_t *asf_http_request(s
return NULL;
}
http_set_uri( http_hdr, server_url->url );
- sprintf( str, "Host: %.220s:%d", server_url->hostname, server_url->port );
+ snprintf( str, sizeof(str), "Host: %.220s:%d", server_url->hostname, server_url->port );
url_free( server_url );
} else {
http_set_uri( http_hdr, url->file );
- sprintf( str, "Host: %.220s:%d", url->hostname, url->port );
+ snprintf( str, sizeof(str), "Host: %.220s:%d", url->hostname, url->port );
}
http_set_field( http_hdr, str );
http_set_field( http_hdr, "Pragma: xClientGUID={c77e7400-738a-11d2-9add-0020af0a3278}" );
- sprintf(str,
+ snprintf(str, sizeof(str),
"Pragma: no-cache,rate=1.000000,stream-time=0,stream-offset=%u:%u,request-context=%d,max-duration=%u",
offset_hi, offset_lo, asf_http_ctrl->request, length );
http_set_field( http_hdr, str );
@@ -603,7 +603,7 @@ static HTTP_header_t *asf_http_request(s
case ASF_Prerecorded_e:
http_set_field( http_hdr, "Pragma: xPlayStrm=1" );
ptr = str;
- ptr += sprintf( ptr, "Pragma: stream-switch-entry=");
+ ptr += snprintf( ptr, sizeof(str), "Pragma: stream-switch-entry=");
if(asf_http_ctrl->n_audio > 0) {
for( i=0; i<asf_http_ctrl->n_audio ; i++ ) {
stream_id = asf_http_ctrl->audio_streams[i];
@@ -614,7 +614,7 @@ static HTTP_header_t *asf_http_request(s
continue;
}
asf_nb_stream++;
- ptr += sprintf(ptr, "ffff:%d:%d ", stream_id, enable);
+ ptr += snprintf(ptr, sizeof(str) - (ptr-str), "ffff:%d:%d ", stream_id, enable);
}
}
if(asf_http_ctrl->n_video > 0) {
@@ -627,11 +627,11 @@ static HTTP_header_t *asf_http_request(s
continue;
}
asf_nb_stream++;
- ptr += sprintf(ptr, "ffff:%d:%d ", stream_id, enable);
+ ptr += snprintf(ptr, sizeof(str) - (ptr-str), "ffff:%d:%d ", stream_id, enable);
}
}
http_set_field( http_hdr, str );
- sprintf( str, "Pragma: stream-switch-count=%d", asf_nb_stream );
+ snprintf( str, sizeof(str), "Pragma: stream-switch-count=%d", asf_nb_stream );
http_set_field( http_hdr, str );
break;
case ASF_Redirector_e:
@@ -690,8 +690,7 @@ static int asf_http_parse_response(asf_h
mp_msg(MSGT_NETWORK,MSGL_WARN,MSGTR_MPDEMUX_ASF_ASFHTTPParseWarnCuttedPragma,pragma,len,sizeof(features) - 1);
len = sizeof(features) - 1;
}
- strncpy( features, pragma, len );
- features[len]='\0';
+ strlcpy( features, pragma, len );
break;
}
comma_ptr = strstr( pragma, "," );
--- stream/cdinfo.c.orig 2007-03-02 11:05:12.000000000 -0500
+++ stream/cdinfo.c 2007-03-02 11:06:03.000000000 -0500
@@ -54,6 +54,7 @@ cd_info_free(cd_info_t *cd_info) {
cd_track_t*
cd_info_add_track(cd_info_t *cd_info, char *track_name, unsigned int track_nb, unsigned int min, unsigned int sec, unsigned int msec, unsigned long frame_begin, unsigned long frame_length) {
cd_track_t *cd_track;
+ size_t len;
if( cd_info==NULL || track_name==NULL ) return NULL;
@@ -63,14 +64,15 @@ cd_info_add_track(cd_info_t *cd_info, ch
return NULL;
}
memset(cd_track, 0, sizeof(cd_track_t));
-
- cd_track->name = malloc(strlen(track_name)+1);
+
+ len = strlen(track_name)+1;
+ cd_track->name = malloc(len);
if( cd_track->name==NULL ) {
mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_MemAllocFailed);
free(cd_track);
return NULL;
}
- strcpy(cd_track->name, track_name);
+ strlcpy(cd_track->name, track_name, len);
cd_track->track_nb = track_nb;
cd_track->min = min;
cd_track->sec = sec;
--- stream/cookies.c.orig 2007-03-02 11:34:16.000000000 -0500
+++ stream/cookies.c 2007-03-02 13:48:48.000000000 -0500
@@ -48,8 +48,7 @@ static char *col_dup(const char *src)
length++;
dst = malloc(length + 1);
- strncpy(dst, src, length);
- dst[length] = 0;
+ strlcpy(dst, src, length);
return dst;
}
@@ -172,7 +171,7 @@ static struct cookie_list_type *load_coo
struct dirent *ent;
struct cookie_list_type *list = NULL;
char *buf;
-
+ size_t len;
char *homedir;
if (cookies_file)
@@ -183,18 +182,19 @@ static struct cookie_list_type *load_coo
return list;
- buf = malloc(strlen(homedir) + sizeof("/.mozilla/default") + 1);
- sprintf(buf, "%s/.mozilla/default", homedir);
+ len = strlen(homedir) + sizeof("/.mozilla/default") + 1;
+ buf = malloc(len);
+ snprintf(buf, len, "%s/.mozilla/default", homedir);
dir = opendir(buf);
free(buf);
if (dir) {
while ((ent = readdir(dir)) != NULL) {
if ((ent->d_name)[0] != '.') {
- buf = malloc(strlen(getenv("HOME")) +
- sizeof("/.mozilla/default/") +
- strlen(ent->d_name) + sizeof("cookies.txt") + 1);
- sprintf(buf, "%s/.mozilla/default/%s/cookies.txt",
+ len = strlen(getenv("HOME")) + sizeof("/.mozilla/default/") +
+ strlen(ent->d_name) + sizeof("cookies.txt") + 1;
+ buf = malloc(len);
+ snprintf(buf, len, "%s/.mozilla/default/%s/cookies.txt",
getenv("HOME"), ent->d_name);
list = load_cookies_from(buf, list);
free(buf);
@@ -203,8 +203,9 @@ static struct cookie_list_type *load_coo
closedir(dir);
}
- buf = malloc(strlen(homedir) + sizeof("/.netscape/cookies.txt") + 1);
- sprintf(buf, "%s/.netscape/cookies.txt", homedir);
+ len = strlen(homedir) + sizeof("/.netscape/cookies.txt") + 1;
+ buf = malloc(len);
+ snprintf(buf, len, "%s/.netscape/cookies.txt", homedir);
list = load_cookies_from(buf, list);
free(buf);
@@ -263,10 +264,11 @@ cookies_set(HTTP_header_t * http_hdr, co
for (i = 0; i < found_cookies; i++) {
char *nbuf;
+ size_t len = strlen(buf) + strlen(" ") + strlen(cookies[i]->name) +
+ strlen("=") + strlen(cookies[i]->value) + strlen(";") + 1;
- nbuf = malloc(strlen(buf) + strlen(" ") + strlen(cookies[i]->name) +
- strlen("=") + strlen(cookies[i]->value) + strlen(";") + 1);
- sprintf(nbuf, "%s %s=%s;", buf, cookies[i]->name,
+ nbuf = malloc(len);
+ snprintf(nbuf, len, "%s %s=%s;", buf, cookies[i]->name,
cookies[i]->value);
free(buf);
buf = nbuf;
--- stream/http.c.orig 2007-03-02 10:52:51.000000000 -0500
+++ stream/http.c 2007-03-02 13:46:08.000000000 -0500
@@ -361,8 +361,7 @@ http_response_parse( HTTP_header_t *http
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
return -1;
}
- strncpy( http_hdr->protocol, http_hdr->buffer, len );
- http_hdr->protocol[len]='\0';
+ strlcpy( http_hdr->protocol, http_hdr->buffer, len+1 );
if( !strncasecmp( http_hdr->protocol, "HTTP", 4) ) {
if( sscanf( http_hdr->protocol+5,"1.%d", &(http_hdr->http_minor_version) )!=1 ) {
mp_msg(MSGT_NETWORK,MSGL_ERR,"Malformed answer. Unable to get HTTP minor version.\n");
@@ -389,7 +388,7 @@ http_response_parse( HTTP_header_t *http
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
return -1;
}
- strncpy( http_hdr->reason_phrase, hdr_ptr, len );
+ strlcpy( http_hdr->reason_phrase, hdr_ptr, len );
if( http_hdr->reason_phrase[len-1]=='\r' ) {
len--;
}
@@ -420,8 +419,7 @@ http_response_parse( HTTP_header_t *http
mp_msg(MSGT_NETWORK,MSGL_ERR,"Memory allocation failed\n");
return -1;
}
- strncpy( field, hdr_ptr, len );
- field[len]='\0';
+ strlcpy( field, hdr_ptr, len+1 );
http_set_field( http_hdr, field );
hdr_ptr = ptr+((*ptr=='\r')?2:1);
} while( hdr_ptr<(http_hdr->buffer+pos_hdr_sep) );
@@ -448,12 +446,13 @@ http_build_request( HTTP_header_t *http_
if( http_hdr->method==NULL ) http_set_method( http_hdr, "GET");
if( http_hdr->uri==NULL ) http_set_uri( http_hdr, "/");
else {
- uri = malloc(strlen(http_hdr->uri) + 1);
+ size_t size = strlen(http_hdr->uri) + 1;
+ uri = malloc(size);
if( uri==NULL ) {
mp_msg(MSGT_NETWORK,MSGL_ERR,"Memory allocation failed\n");
return NULL;
}
- strcpy(uri,http_hdr->uri);
+ strlcpy(uri,http_hdr->uri,size);
}
//**** Compute the request length
@@ -486,16 +485,16 @@ http_build_request( HTTP_header_t *http_
//*** Building the request
ptr = http_hdr->buffer;
// Add the method line
- ptr += sprintf( ptr, "%s %s HTTP/1.%d\r\n", http_hdr->method, uri, http_hdr->http_minor_version );
+ ptr += snprintf( ptr, sizeof(len), "%s %s HTTP/1.%d\r\n", http_hdr->method, uri, http_hdr->http_minor_version );
field = http_hdr->first_field;
// Add the field
while( field!=NULL ) {
- ptr += sprintf( ptr, "%s\r\n", field->field_name );
+ ptr += snprintf( ptr, sizeof(len) - (ptr-http_hdr->buffer), "%s\r\n", field->field_name );
field = field->next;
}
- ptr += sprintf( ptr, "\r\n" );
+ ptr += snprintf( ptr, sizeof(len) - (ptr-http_hdr->buffer), "\r\n" );
// Add the body
- if( http_hdr->body!=NULL ) {
+ if( http_hdr->body!=NULL && http_hdr->body_size < sizeof(len) - (ptr-http_hdr->buffer)) {
memcpy( ptr, http_hdr->body, http_hdr->body_size );
}
@@ -505,14 +504,16 @@ http_build_request( HTTP_header_t *http_
char *
http_get_field( HTTP_header_t *http_hdr, const char *field_name ) {
+ size_t len;
if( http_hdr==NULL || field_name==NULL ) return NULL;
http_hdr->field_search_pos = http_hdr->first_field;
- http_hdr->field_search = (char*)realloc( http_hdr->field_search, strlen(field_name)+1 );
+ len = strlen(field_name)+1;
+ http_hdr->field_search = (char*)realloc( http_hdr->field_search, len );
if( http_hdr->field_search==NULL ) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
return NULL;
}
- strcpy( http_hdr->field_search, field_name );
+ strlcpy( http_hdr->field_search, field_name, len );
return http_get_next_field( http_hdr );
}
@@ -540,6 +541,7 @@ http_get_next_field( HTTP_header_t *http
void
http_set_field( HTTP_header_t *http_hdr, const char *field_name ) {
HTTP_field_t *new_field;
+ size_t len;
if( http_hdr==NULL || field_name==NULL ) return;
new_field = malloc(sizeof(HTTP_field_t));
@@ -548,12 +550,13 @@ http_set_field( HTTP_header_t *http_hdr,
return;
}
new_field->next = NULL;
- new_field->field_name = malloc(strlen(field_name)+1);
+ len = strlen(field_name)+1;
+ new_field->field_name = malloc(len);
if( new_field->field_name==NULL ) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
return;
}
- strcpy( new_field->field_name, field_name );
+ strlcpy(new_field->field_name, field_name, len);
if( http_hdr->last_field==NULL ) {
http_hdr->first_field = new_field;
@@ -566,26 +569,30 @@ http_set_field( HTTP_header_t *http_hdr,
void
http_set_method( HTTP_header_t *http_hdr, const char *method ) {
+ size_t len;
if( http_hdr==NULL || method==NULL ) return;
- http_hdr->method = malloc(strlen(method)+1);
+ len = strlen(method)+1;
+ http_hdr->method = malloc(len);
if( http_hdr->method==NULL ) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
return;
}
- strcpy( http_hdr->method, method );
+ strlcpy(http_hdr->method, method, len);
}
void
http_set_uri( HTTP_header_t *http_hdr, const char *uri ) {
+ size_t len;
if( http_hdr==NULL || uri==NULL ) return;
- http_hdr->uri = malloc(strlen(uri)+1);
+ len = strlen(uri)+1;
+ http_hdr->uri = malloc(len);
if( http_hdr->uri==NULL ) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
return;
}
- strcpy( http_hdr->uri, uri );
+ strlcpy(http_hdr->uri, uri, len);
}
int
@@ -593,19 +600,21 @@ http_add_basic_authentication( HTTP_head
char *auth = NULL, *usr_pass = NULL, *b64_usr_pass = NULL;
int encoded_len, pass_len=0, out_len;
int res = -1;
+ size_t size;
if( http_hdr==NULL || username==NULL ) return -1;
if( password!=NULL ) {
pass_len = strlen(password);
}
- usr_pass = malloc(strlen(username)+pass_len+2);
+ size = strlen(username)+pass_len+2;
+ usr_pass = malloc(size);
if( usr_pass==NULL ) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
goto out;
}
- sprintf( usr_pass, "%s:%s", username, (password==NULL)?"":password );
+ snprintf( usr_pass, size, "%s:%s", username, (password==NULL)?"":password );
// Base 64 encode with at least 33% more data than the original size
encoded_len = strlen(usr_pass)*2;
@@ -623,13 +632,14 @@ http_add_basic_authentication( HTTP_head
b64_usr_pass[out_len]='\0';
- auth = malloc(encoded_len+22);
+ size = encoded_len+22;
+ auth = malloc(size);
if( auth==NULL ) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed\n");
goto out;
}
- sprintf( auth, "Authorization: Basic %s", b64_usr_pass);
+ snprintf( auth, size, "Authorization: Basic %s", b64_usr_pass);
http_set_field( http_hdr, auth );
res = 0;
--- stream/stream_cdda.c.orig 2007-03-02 10:37:16.000000000 -0500
+++ stream/stream_cdda.c 2007-03-02 13:44:49.000000000 -0500
@@ -178,7 +178,7 @@ static int open_cdda(stream_t *st,int m,
long sec=cdda_track_firstsector(cdd,i+1);
long off=cdda_track_lastsector(cdd,i+1)-sec+1;
- sprintf(track_name, "Track %d", i+1);
+ snprintf(track_name, sizeof(track_name), "Track %d", i+1);
cd_info_add_track(cd_info, track_name, i+1, (unsigned int)(off/(60*75)), (unsigned int)((off/75)%60), (unsigned int)(off%75), sec, off );
audiolen += off;
}
--- stream/stream_cddb.c.orig 2007-03-02 10:37:49.000000000 -0500
+++ stream/stream_cddb.c 2007-03-02 13:44:27.000000000 -0500
@@ -72,7 +72,7 @@ read_toc(const char *dev) {
CDROM_TOC toc;
char device[10];
- sprintf(device, "\\\\.\\%s", dev);
+ snprintf(device, sizeof(device), "\\\\.\\%s", dev);
drive = CreateFile(device, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, 0);
if(!DeviceIoControl(drive, IOCTL_CDROM_READ_TOC, NULL, 0, &toc, sizeof(CDROM_TOC), &r, 0)) {
@@ -221,7 +221,7 @@ cddb_http_request(char *command, int (*r
if( reply_parser==NULL || command==NULL || cddb_data==NULL ) return -1;
- sprintf( request, "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d", cddb_data->freedb_server, command, cddb_data->cddb_hello, cddb_data->freedb_proto_level );
+ snprintf( request, sizeof(request), "http://%s/~cddb/cddb.cgi?cmd=%s%s&proto=%d", cddb_data->freedb_server, command, cddb_data->cddb_hello, cddb_data->freedb_proto_level );
mp_msg(MSGT_OPEN, MSGL_INFO,"Request[%s]\n", request );
url = url_new(request);
@@ -271,7 +271,7 @@ cddb_read_cache(cddb_data_t *cddb_data)
if( cddb_data==NULL || cddb_data->cache_dir==NULL ) return -1;
- sprintf( file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
+ snprintf( file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id);
file_fd = open(file_name, O_RDONLY
#ifdef WIN32
@@ -335,7 +335,7 @@ cddb_write_cache(cddb_data_t *cddb_data)
}
}
- sprintf( file_name, "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id );
+ snprintf( file_name, sizeof(file_name), "%s%08lx", cddb_data->cache_dir, cddb_data->disc_id );
file_fd = creat(file_name, S_IREAD|S_IWRITE);
if( file_fd<0 ) {
@@ -420,7 +420,7 @@ cddb_read_parse(HTTP_header_t *http_hdr,
int
cddb_request_titles(cddb_data_t *cddb_data) {
char command[1024];
- sprintf( command, "cddb+read+%s+%08lx", cddb_data->category, cddb_data->disc_id);
+ snprintf( command, sizeof(command), "cddb+read+%s+%08lx", cddb_data->category, cddb_data->disc_id);
return cddb_http_request(command, cddb_read_parse, cddb_data);
}
@@ -453,8 +453,7 @@ cddb_parse_matches_list(HTTP_header_t *h
} else {
len = ptr2-ptr+1;
}
- strncpy(album_title, ptr, len);
- album_title[len-2]='\0';
+ strlcpy(album_title, ptr, len);
}
mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
return 0;
@@ -490,8 +489,7 @@ cddb_query_parse(HTTP_header_t *http_hdr
} else {
len = ptr2-ptr+1;
}
- strncpy(album_title, ptr, len);
- album_title[len-2]='\0';
+ strlcpy(album_title, ptr, len);
}
mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
return cddb_request_titles(cddb_data);
@@ -601,14 +599,14 @@ cddb_create_hello(cddb_data_t *cddb_data
* that most people don't like.
*/
user_name = "anonymous";
- strcpy(host_name, "localhost");
+ strlcpy(host_name, "localhost", sizeof(host_name));
} else {
if( gethostname(host_name, 50)<0 ) {
- strcpy(host_name, "localhost");
+ strlcpy(host_name, "localhost", sizeof(host_name));
}
user_name = getenv("LOGNAME");
}
- sprintf( cddb_data->cddb_hello, "&hello=%s+%s+%s+%s", user_name, host_name, "MPlayer", VERSION );
+ snprintf( cddb_data->cddb_hello, 1024, "&hello=%s+%s+%s+%s", user_name, host_name, "MPlayer", VERSION );
}
int
@@ -620,7 +618,7 @@ cddb_retrieve(cddb_data_t *cddb_data) {
ptr = offsets;
for( i=0; i<cddb_data->tracks ; i++ ) {
- ptr += sprintf(ptr, "%d+", cdtoc[i].frame );
+ ptr += snprintf(ptr, sizeof(offsets) - (ptr - offsets), "%d+", cdtoc[i].frame );
if (ptr-offsets > sizeof offsets - 40) break;
}
ptr[0]=0;
@@ -638,7 +636,7 @@ cddb_retrieve(cddb_data_t *cddb_data) {
//cddb_get_freedb_sites(&cddb_data);
- sprintf(command, "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id, cddb_data->tracks, offsets, time_len );
+ snprintf(command, sizeof(command), "cddb+query+%08lx+%d+%s%d", cddb_data->disc_id, cddb_data->tracks, offsets, time_len );
ret = cddb_http_request(command, cddb_query_parse, cddb_data);
if( ret<0 ) return -1;
@@ -683,12 +681,13 @@ cddb_resolve(const char *dev, char **xmc
if( home_dir==NULL ) {
cddb_data.cache_dir = NULL;
} else {
- cddb_data.cache_dir = malloc(strlen(home_dir)+strlen(cddb_cache_dir)+1);
+ size_t len = strlen(home_dir)+strlen(cddb_cache_dir)+1;
+ cddb_data.cache_dir = malloc(len);
if( cddb_data.cache_dir==NULL ) {
mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_MemAllocFailed);
return -1;
}
- sprintf(cddb_data.cache_dir, "%s%s", home_dir, cddb_cache_dir );
+ snprintf(cddb_data.cache_dir, len, "%s%s", home_dir, cddb_cache_dir );
}
// Check for a cached file
@@ -716,23 +715,26 @@ cddb_resolve(const char *dev, char **xmc
char*
xmcd_parse_dtitle(cd_info_t *cd_info, char *line) {
char *ptr, *album;
+ size_t len;
ptr = strstr(line, "DTITLE=");
if( ptr!=NULL ) {
ptr += 7;
album = strstr(ptr, "/");
if( album==NULL ) return NULL;
- cd_info->album = malloc(strlen(album+2)+1);
+ len = strlen(album+2)+1;
+ cd_info->album = malloc(len);
if( cd_info->album==NULL ) {
return NULL;
}
- strcpy( cd_info->album, album+2 );
+ strlcpy( cd_info->album, album+2, len );
album--;
album[0] = '\0';
- cd_info->artist = malloc(strlen(ptr)+1);
+ len = strlen(ptr)+1;
+ cd_info->artist = malloc(len);
if( cd_info->artist==NULL ) {
return NULL;
}
- strcpy( cd_info->artist, ptr );
+ strlcpy( cd_info->artist, ptr, len );
}
return ptr;
}
@@ -740,14 +742,16 @@ xmcd_parse_dtitle(cd_info_t *cd_info, ch
char*
xmcd_parse_dgenre(cd_info_t *cd_info, char *line) {
char *ptr;
+ size_t len;
ptr = strstr(line, "DGENRE=");
if( ptr!=NULL ) {
ptr += 7;
- cd_info->genre = malloc(strlen(ptr)+1);
+ len = strlen(ptr)+1;
+ cd_info->genre = malloc(len);
if( cd_info->genre==NULL ) {
return NULL;
}
- strcpy( cd_info->genre, ptr );
+ strlcpy( cd_info->genre, ptr, len );
}
return ptr;
}
--- stream/stream_cue.c.orig 2007-03-02 08:00:52.000000000 -0500
+++ stream/stream_cue.c 2007-03-02 13:43:17.000000000 -0500
@@ -33,6 +33,7 @@
#define MODE1_2048 30
#define MODE2_2336 40
#define UNKNOWN -1
+#define CUEBUFMAX 256
static struct stream_priv_s {
char* filename;
@@ -56,10 +57,10 @@ static struct m_struct_st stream_opts =
static FILE* fd_cue;
static int fd_bin = 0;
-static char bin_filename[256];
+static char bin_filename[CUEBUFMAX];
-static char cue_filename[256];
-static char bincue_path[256];
+static char cue_filename[CUEBUFMAX];
+static char bincue_path[CUEBUFMAX];
typedef struct track
@@ -95,7 +96,7 @@ static struct cue_track_pos {
static int nTracks = 0;
/* presumes Line is preloaded with the "current" line of the file */
-static int cue_getTrackinfo(char *Line, tTrack *track)
+static int cue_getTrackinfo(char *Line, tTrack *track, size_t len)
{
char inum[3];
char min;
@@ -119,7 +120,7 @@ static int cue_getTrackinfo(char *Line,
/* Get the track indexes */
while(1) {
- if(! fgets( Line, 256, fd_cue ) ) { break;}
+ if(! fgets( Line, len, fd_cue ) ) { break;}
if (strncmp(&Line[2], "TRACK ", 6)==0)
{
@@ -156,14 +157,10 @@ static int cue_getTrackinfo(char *Line,
-/* FIXME: the string operations ( strcpy,strcat ) below depend
- * on the arrays to have the same size, thus we need to make
- * sure the sizes are in sync.
- */
static int cue_find_bin (char *firstline) {
+ char s[CUEBUFMAX];
+ char t[CUEBUFMAX];
int i,j;
- char s[256];
- char t[256];
/* get the filename out of that */
/* 12345 6 */
@@ -204,16 +201,15 @@ static int cue_find_bin (char *firstline
bin_filename);
/* now try to find it with the path of the cue file */
- snprintf(s,sizeof( s ),"%s/%s",bincue_path,bin_filename);
+ snprintf(s,sizeof(s),"%s/%s",bincue_path,bin_filename);
fd_bin = open (s, O_RDONLY);
if (fd_bin == -1)
{
mp_msg(MSGT_OPEN,MSGL_STATUS,
MSGTR_MPDEMUX_CUEREAD_BinFilenameTested, s);
/* now I would say the whole filename is shit, build our own */
- strncpy(s, cue_filename, strlen(cue_filename) - 3 );
- s[strlen(cue_filename) - 3] = '\0';
- strcat(s, "bin");
+ strlcpy(s, cue_filename, strlen(cue_filename) - 2);
+ strlcat(s, "bin", sizeof(s));
fd_bin = open (s, O_RDONLY);
if (fd_bin == -1)
{
@@ -221,23 +217,22 @@ static int cue_find_bin (char *firstline
MSGTR_MPDEMUX_CUEREAD_BinFilenameTested, s);
/* ok try it with path */
- snprintf(t, sizeof( t ), "%s/%s", bincue_path, s);
+ snprintf(t, sizeof(t), "%s/%s", bincue_path, s);
fd_bin = open (t, O_RDONLY);
if (fd_bin == -1)
{
mp_msg(MSGT_OPEN,MSGL_STATUS,
MSGTR_MPDEMUX_CUEREAD_BinFilenameTested,t);
/* now I would say the whole filename is shit, build our own */
- strncpy(s, cue_filename, strlen(cue_filename) - 3 );
- s[strlen(cue_filename) - 3] = '\0';
- strcat(s, "img");
+ strlcpy(s, cue_filename, strlen(cue_filename) - 2);
+ strlcat(s, "img", sizeof(s));
fd_bin = open (s, O_RDONLY);
if (fd_bin == -1)
{
mp_msg(MSGT_OPEN,MSGL_STATUS,
MSGTR_MPDEMUX_CUEREAD_BinFilenameTested, s);
/* ok try it with path */
- snprintf(t, sizeof( t ), "%s/%s", bincue_path, s);
+ snprintf(t, sizeof(t), "%s/%s", bincue_path, s);
fd_bin = open (t, O_RDONLY);
if (fd_bin == -1)
{
@@ -250,11 +245,11 @@ static int cue_find_bin (char *firstline
return -1;
}
}
- } else strcpy(bin_filename, t);
+ } else strlcpy(bin_filename, t, sizeof(bin_filename));
- } else strcpy(bin_filename, s);
+ } else strlcpy(bin_filename, s, sizeof(bin_filename));
- } else strcpy(bin_filename, s);
+ } else strlcpy(bin_filename, s, sizeof(bin_filename));
}
@@ -303,7 +298,7 @@ static inline int cue_mode_2_sector_size
static int cue_read_cue (char *in_cue_filename)
{
struct stat filestat;
- char sLine[256];
+ char sLine[CUEBUFMAX];
unsigned int sect;
char *s,*t;
int i;
@@ -322,7 +317,7 @@ static int cue_read_cue (char *in_cue_fi
*t = '\0';
t = s;
if (*t == '\0')
- strcpy(t, "/");
+ strlcpy(t, "/", 2);
}
strlcpy(bincue_path,t,sizeof( bincue_path ));
@@ -351,7 +346,7 @@ static int cue_read_cue (char *in_cue_fi
/* read the first line and hand it to find_bin, which will
test more than one possible name of the file */
- if(! fgets( sLine, 256, fd_cue ) )
+ if(! fgets( sLine, sizeof(sLine), fd_cue ) )
{
mp_msg(MSGT_OPEN,MSGL_ERR,
MSGTR_MPDEMUX_CUEREAD_ErrReadingFromCueFile, in_cue_filename);
@@ -367,7 +362,7 @@ static int cue_read_cue (char *in_cue_fi
/* now build the track list */
/* red the next line and call our track finder */
- if(! fgets( sLine, 256, fd_cue ) )
+ if(! fgets( sLine, sizeof(sLine), fd_cue ) )
{
mp_msg(MSGT_OPEN,MSGL_ERR,
MSGTR_MPDEMUX_CUEREAD_ErrReadingFromCueFile, in_cue_filename);
@@ -377,7 +372,7 @@ static int cue_read_cue (char *in_cue_fi
while(!feof(fd_cue))
{
- if (cue_getTrackinfo(sLine, &tracks[nTracks++]) != 0)
+ if (cue_getTrackinfo(sLine, &tracks[nTracks++], sizeof(sLine)) != 0)
{
mp_msg(MSGT_OPEN,MSGL_ERR,
MSGTR_MPDEMUX_CUEREAD_ErrReadingFromCueFile, in_cue_filename);
--- stream/stream_dvb.c.orig 2007-03-02 11:18:16.000000000 -0500
+++ stream/stream_dvb.c 2007-03-02 13:42:36.000000000 -0500
@@ -176,8 +176,7 @@ static dvb_channels_list *dvb_get_channe
ptr->name = (char*) malloc(k+1);
if(! ptr->name)
continue;
- strncpy(ptr->name, line, k);
- ptr->name[k] = 0;
+ strlcpy(ptr->name, line, k+1);
}
else
continue;
@@ -764,7 +763,7 @@ dvb_config_t *dvb_get_config(void)
conf->cards = NULL;
for(i=0; i<MAX_CARDS; i++)
{
- sprintf(filename, "/dev/dvb/adapter%d/frontend0", i);
+ snprintf(filename, sizeof(filename),"/dev/dvb/adapter%d/frontend0", i);
fd = open(filename, O_RDONLY|O_NONBLOCK);
if(fd < 0)
{
@@ -824,7 +823,7 @@ dvb_config_t *dvb_get_config(void)
conf->cards[conf->count].devno = i;
conf->cards[conf->count].list = list;
conf->cards[conf->count].type = type;
- sprintf(name, "DVB-%c card n. %d", type==TUNER_TER ? 'T' : (type==TUNER_CBL ? 'C' : 'S'), conf->count+1);
+ snprintf(name, 20, "DVB-%c card n. %d", type==TUNER_TER ? 'T' : (type==TUNER_CBL ? 'C' : 'S'), conf->count+1);
conf->cards[conf->count].name = name;
conf->count++;
}
--- stream/stream_dvd.c.orig 2007-03-02 11:18:19.000000000 -0500
+++ stream/stream_dvd.c 2007-03-02 13:41:58.000000000 -0500
@@ -795,10 +795,11 @@ static int open_s(stream_t *stream,int m
/* Dynamic DVD drive selection on Darwin */
if(!strcmp(dvd_device, "/dev/rdiskN")) {
int i;
- char *temp_device = malloc(strlen(dvd_device)+1);
+ size_t len = strlen(dvd_device);
+ char *temp_device = malloc(len);
for (i = 1; i < 10; i++) {
- sprintf(temp_device, "/dev/rdisk%d", i);
+ snprintf(temp_device, len, "/dev/rdisk%d", i);
dvd = DVDOpen(temp_device);
if(!dvd) {
mp_msg(MSGT_OPEN,MSGL_ERR,MSGTR_CantOpenDVD,temp_device);
@@ -868,7 +869,7 @@ static int open_s(stream_t *stream,int m
int i;
char buf[33];
for (i = 0; i < 16; i ++)
- sprintf(buf+2*i, "%02X", discid[i]);
+ snprintf(buf+2*i, sizeof(buf) - ((buf+2*i)-buf), "%02X", discid[i]);
mp_msg(MSGT_IDENTIFY, MSGL_V, "ID_DVD_DISC_ID=%s\n", buf);
}
}
--- stream/stream_ftp.c.orig 2007-03-02 07:45:14.000000000 -0500
+++ stream/stream_ftp.c 2007-03-02 13:38:39.000000000 -0500
@@ -159,26 +159,26 @@ static int readline(char *buf,int max,st
* return 0 if first char doesn't match
* return 1 if first char matches
*/
-static int readresp(struct stream_priv_s* ctl,char* rsp)
+static int readresp(struct stream_priv_s* ctl,char* rsp,size_t len)
{
static char response[256];
char match[5];
int r;
- if (readline(response,256,ctl) == -1)
+ if (readline(response,sizeof(response),ctl) == -1)
return 0;
r = atoi(response)/100;
- if(rsp) strcpy(rsp,response);
+ if(rsp) strlcpy(rsp,response,len);
mp_msg(MSGT_STREAM,MSGL_V, "[ftp] < %s",response);
if (response[3] == '-') {
- strncpy(match,response,3);
+ strncpy(match,response,3); /* safe and intended */
match[3] = ' ';
match[4] = '\0';
do {
- if (readline(response,256,ctl) == -1) {
+ if (readline(response,sizeof(response),ctl) == -1) {
mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] Control socket read failed\n");
return 0;
}
@@ -189,7 +189,7 @@ static int readresp(struct stream_priv_s
}
-static int FtpSendCmd(const char *cmd, struct stream_priv_s *nControl,char* rsp)
+static int FtpSendCmd(const char *cmd, struct stream_priv_s *nControl,char* rsp,size_t len)
{
int l = strlen(cmd);
int hascrlf = cmd[l - 2] == '\r' && cmd[l - 1] == '\n';
@@ -209,9 +209,9 @@ static int FtpSendCmd(const char *cmd, s
}
if (hascrlf)
- return readresp(nControl,rsp);
+ return readresp(nControl,rsp,len);
else
- return FtpSendCmd("\r\n", nControl, rsp);
+ return FtpSendCmd("\r\n", nControl, rsp, len);
}
static int FtpOpenPort(struct stream_priv_s* p) {
@@ -220,7 +220,7 @@ static int FtpOpenPort(struct stream_pri
char* par,str[128];
int num[6];
- resp = FtpSendCmd("PASV",p,rsp_txt);
+ resp = FtpSendCmd("PASV",p,rsp_txt,sizeof(rsp_txt));
if(resp != 2) {
mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command 'PASV' failed: %s\n",rsp_txt);
return 0;
@@ -235,7 +235,7 @@ static int FtpOpenPort(struct stream_pri
sscanf(par+1,"%u,%u,%u,%u,%u,%u",&num[0],&num[1],&num[2],
&num[3],&num[4],&num[5]);
- snprintf(str,127,"%d.%d.%d.%d",num[0],num[1],num[2],num[3]);
+ snprintf(str,sizeof(str),"%d.%d.%d.%d",num[0],num[1],num[2],num[3]);
fd = connect2Server(str,(num[4]<<8)+num[5],0);
if(fd < 0)
@@ -255,9 +255,9 @@ static int FtpOpenData(stream_t* s,size_
if(s->fd < 0) return 0;
if(newpos > 0) {
- snprintf(str,255,"REST %"PRId64, (int64_t)newpos);
+ snprintf(str,sizeof(str),"REST %"PRId64, (int64_t)newpos);
- resp = FtpSendCmd(str,p,rsp_txt);
+ resp = FtpSendCmd(str,p,rsp_txt,sizeof(rsp_txt));
if(resp != 3) {
mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command '%s' failed: %s\n",str,rsp_txt);
newpos = 0;
@@ -265,8 +265,8 @@ static int FtpOpenData(stream_t* s,size_
}
// Get the file
- snprintf(str,255,"RETR %s",p->filename);
- resp = FtpSendCmd(str,p,rsp_txt);
+ snprintf(str,sizeof(str),"RETR %s",p->filename);
+ resp = FtpSendCmd(str,p,rsp_txt,sizeof(rsp_txt));
if(resp != 1) {
mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] command '%s' failed: %s\n",str,rsp_txt);
@@ -304,7 +304,7 @@ static int seek(stream_t *s,off_t newpos
// Check to see if the server doesn't alredy terminated the transfert
if(fd_can_read(p->handle, 0)) {
- if(readresp(p,rsp_txt) != 2)
+ if(readresp(p,rsp_txt,sizeof(rsp_txt)) != 2)
mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] Warning the server didn't finished the transfert correctly: %s\n",rsp_txt);
closesocket(s->fd);
s->fd = -1;
@@ -334,7 +334,7 @@ static int seek(stream_t *s,off_t newpos
// Get the 426 Transfer aborted
// Or the 226 Transfer complete
- resp = readresp(p,rsp_txt);
+ resp = readresp(p,rsp_txt,sizeof(rsp_txt));
if(resp != 4 && resp != 2) {
mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] Server didn't abort correctly: %s\n",rsp_txt);
s->eof = 1;
@@ -342,7 +342,7 @@ static int seek(stream_t *s,off_t newpos
}
// Send the ABOR command
// Ignore the return code as sometimes it fail with "nothing to abort"
- FtpSendCmd("ABOR",p,rsp_txt);
+ FtpSendCmd("ABOR",p,rsp_txt,sizeof(rsp_txt));
}
return FtpOpenData(s,newpos);
}
@@ -358,7 +358,7 @@ static void close_f(stream_t *s) {
s->fd = 0;
}
- FtpSendCmd("QUIT",p,NULL);
+ FtpSendCmd("QUIT",p,NULL,0);
if(p->handle) closesocket(p->handle);
if(p->buf) free(p->buf);
@@ -398,20 +398,20 @@ static int open_f(stream_t *stream,int m
stream->priv = p;
p->buf = malloc(BUFSIZE);
- if (readresp(p, NULL) == 0) {
+ if (readresp(p, NULL, 0) == 0) {
close_f(stream);
m_struct_free(&stream_opts,opts);
return STREAM_ERROR;
}
// Login
- snprintf(str,255,"USER %s",p->user);
- resp = FtpSendCmd(str,p,rsp_txt);
+ snprintf(str,sizeof(str),"USER %s",p->user);
+ resp = FtpSendCmd(str,p,rsp_txt,sizeof(rsp_txt));
// password needed
if(resp == 3) {
- snprintf(str,255,"PASS %s",p->pass);
- resp = FtpSendCmd(str,p,rsp_txt);
+ snprintf(str,sizeof(str),"PASS %s",p->pass);
+ resp = FtpSendCmd(str,p,rsp_txt,sizeof(rsp_txt));
if(resp != 2) {
mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] command '%s' failed: %s\n",str,rsp_txt);
close_f(stream);
@@ -424,7 +424,7 @@ static int open_f(stream_t *stream,int m
}
// Set the transfert type
- resp = FtpSendCmd("TYPE I",p,rsp_txt);
+ resp = FtpSendCmd("TYPE I",p,rsp_txt,sizeof(rsp_txt));
if(resp != 2) {
mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command 'TYPE I' failed: %s\n",rsp_txt);
close_f(stream);
@@ -432,8 +432,8 @@ static int open_f(stream_t *stream,int m
}
// Get the filesize
- snprintf(str,255,"SIZE %s",p->filename);
- resp = FtpSendCmd(str,p,rsp_txt);
+ snprintf(str,sizeof(str),"SIZE %s",p->filename);
+ resp = FtpSendCmd(str,p,rsp_txt,sizeof(rsp_txt));
if(resp != 2) {
mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command '%s' failed: %s\n",str,rsp_txt);
} else {
--- stream/stream_rtsp.c.orig 2007-03-02 11:24:10.000000000 -0500
+++ stream/stream_rtsp.c 2007-03-02 13:39:52.000000000 -0500
@@ -61,6 +61,7 @@ rtsp_streaming_start (stream_t *stream)
char *file;
int port;
int redirected, temp;
+ size_t len;
if (!stream)
return -1;
@@ -87,10 +88,10 @@ rtsp_streaming_start (stream_t *stream)
if (file[0] == '/')
file++;
- mrl = malloc (strlen (stream->streaming_ctrl->url->hostname)
- + strlen (file) + 16);
+ len = strlen (stream->streaming_ctrl->url->hostname) + strlen (file) + 16;
+ mrl = malloc (len);
- sprintf (mrl, "rtsp://%s:%i/%s",
+ snprintf (mrl, sizeof(len), "rtsp://%s:%i/%s",
stream->streaming_ctrl->url->hostname, port, file);
rtsp = rtsp_session_start (fd, &mrl, file,
--- stream/stream_smb.c.orig 2007-03-02 07:35:09.000000000 -0500
+++ stream/stream_smb.c 2007-03-02 07:43:53.000000000 -0500
@@ -35,24 +35,28 @@ static void smb_auth_fn(const char *serv
char *password, int pwmaxlen)
{
char temp[128];
+ size_t len;
- strcpy(temp, "LAN");
- if (temp[strlen(temp) - 1] == 0x0a)
- temp[strlen(temp) - 1] = 0x00;
+ strlcpy(temp, "LAN", sizeof(temp));
+ len = strlen(temp) - 1;
+ if (len > 0 && temp[len] == 0x0a)
+ temp[len] = 0x00;
- if (temp[0]) strncpy(workgroup, temp, wgmaxlen - 1);
+ if (temp[0]) strlcpy(workgroup, temp, wgmaxlen);
- strcpy(temp, smb_username);
- if (temp[strlen(temp) - 1] == 0x0a)
- temp[strlen(temp) - 1] = 0x00;
+ strlcpy(temp, smb_username, sizeof(temp));
+ len = strlen(temp) - 1;
+ if (len > 0 && temp[len] == 0x0a)
+ temp[len] = 0x00;
- if (temp[0]) strncpy(username, temp, unmaxlen - 1);
+ if (temp[0]) strlcpy(username, temp, unmaxlen);
- strcpy(temp, smb_password);
- if (temp[strlen(temp) - 1] == 0x0a)
- temp[strlen(temp) - 1] = 0x00;
+ strlcpy(temp, smb_password, sizeof(temp));
+ len = strlen(temp) - 1;
+ if (len > 0 && temp[len] == 0x0a)
+ temp[len] = 0x00;
- if (temp[0]) strncpy(password, temp, pwmaxlen - 1);
+ if (temp[0]) strlcpy(password, temp, pwmaxlen);
}
static int control(stream_t *s, int cmd, void *arg) {
--- stream/tv.h.orig 2007-03-02 07:34:11.000000000 -0500
+++ stream/tv.h 2007-03-02 07:34:30.000000000 -0500
@@ -97,7 +97,6 @@ typedef struct tv_channels_s {
extern tv_channels_t *tv_channel_list;
extern tv_channels_t *tv_channel_current, *tv_channel_last;
-extern char *tv_channel_last_real;
#define TVI_CONTROL_FALSE 0
#define TVI_CONTROL_TRUE 1
--- stream/tvi_v4l2.c.orig 2007-03-02 11:26:25.000000000 -0500
+++ stream/tvi_v4l2.c 2007-03-02 13:40:25.000000000 -0500
@@ -248,7 +248,7 @@ static const char *pixfmt2name(int pixfm
case V4L2_PIX_FMT_HI240: return "HI240";
case V4L2_PIX_FMT_WNVA: return "WNVA";
}
- sprintf(unknown, "unknown (0x%x)", pixfmt);
+ snprintf(unknown, sizeof(unknown), "unknown (0x%x)", pixfmt);
return unknown;
}
--- stream/tv.c.orig 2007-03-02 07:25:09.000000000 -0500
+++ stream/tv.c 2007-03-02 07:33:53.000000000 -0500
@@ -79,7 +79,7 @@ int tv_param_hue = 0;
int tv_param_saturation = 0;
tv_channels_t *tv_channel_list;
tv_channels_t *tv_channel_current, *tv_channel_last;
-char *tv_channel_last_real;
+static char tv_channel_last_real[5];
/* enumerating drivers (like in stream.c) */
extern tvi_info_t tvi_info_dummy;
@@ -401,8 +401,7 @@ static int open_tv(tvi_handle_t *tvh)
if (tv_channel_current->prev)
tv_channel_current->prev->next = NULL;
free(tv_channel_current);
- } else
- tv_channel_last_real = malloc(5);
+ }
if (tv_channel_list) {
int i;
@@ -465,7 +464,7 @@ static int open_tv(tvi_handle_t *tvh)
// i, cl.name, cl.freq);
if (!strcasecmp(cl.name, tv_param_channel))
{
- strcpy(tv_channel_last_real, cl.name);
+ strlcpy(tv_channel_last_real, cl.name, sizeof(tv_channel_last_real));
tvh->channel = i;
mp_msg(MSGT_TV, MSGL_INFO, "Selected channel: %s (freq: %.3f)\n",
cl.name, (float)cl.freq/1000);
@@ -782,7 +781,7 @@ int tv_step_channel_real(tvi_handle_t *t
{
if (tvh->channel-1 >= 0)
{
- strcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name);
+ strlcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name, sizeof(tv_channel_last_real));
cl = tvh->chanlist_s[--tvh->channel];
mp_msg(MSGT_TV, MSGL_INFO, "Selected channel: %s (freq: %.3f)\n",
cl.name, (float)cl.freq/1000);
@@ -794,7 +793,7 @@ int tv_step_channel_real(tvi_handle_t *t
{
if (tvh->channel+1 < chanlists[tvh->chanlist].count)
{
- strcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name);
+ strlcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name, sizeof(tv_channel_last_real));
cl = tvh->chanlist_s[++tvh->channel];
mp_msg(MSGT_TV, MSGL_INFO, "Selected channel: %s (freq: %.3f)\n",
cl.name, (float)cl.freq/1000);
@@ -835,7 +834,7 @@ int tv_set_channel_real(tvi_handle_t *tv
int i;
struct CHANLIST cl;
- strcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name);
+ strlcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name, sizeof(tv_channel_last_real));
for (i = 0; i < chanlists[tvh->chanlist].count; i++)
{
cl = tvh->chanlist_s[i];
@@ -891,7 +890,7 @@ int tv_last_channel(tvi_handle_t *tvh) {
cl = tvh->chanlist_s[i];
if (!strcasecmp(cl.name, tv_channel_last_real))
{
- strcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name);
+ strlcpy(tv_channel_last_real, tvh->chanlist_s[tvh->channel].name, sizeof(tv_channel_last_real));
tvh->channel = i;
mp_msg(MSGT_TV, MSGL_INFO, "Selected channel: %s (freq: %.3f)\n",
cl.name, (float)cl.freq/1000);
--- stream/url.c.orig 2007-03-02 07:14:02.000000000 -0500
+++ stream/url.c 2007-03-02 07:23:20.000000000 -0500
@@ -23,9 +23,10 @@ URL_t *url_redirect(URL_t **url, const c
URL_t *u = *url;
URL_t *res;
if (!strchr(redir, '/') || *redir == '/') {
- char *tmp;
- char *newurl = malloc(strlen(u->url) + strlen(redir) + 1);
- strcpy(newurl, u->url);
+ char *tmp, *newurl;
+ size_t size = strlen(u->url) + strlen(redir) + 1;
+ newurl = malloc(size);
+ strlcpy(newurl, u->url, size);
if (*redir == '/') {
redir++;
tmp = strstr(newurl, "://");
@@ -33,7 +34,7 @@ URL_t *url_redirect(URL_t **url, const c
} else
tmp = strrchr(newurl, '/');
if (tmp) tmp[1] = 0;
- strcat(newurl, redir);
+ strlcat(newurl, redir, size);
res = url_new(newurl);
free(newurl);
} else
@@ -101,8 +102,7 @@ url_new(const char* url) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MemAllocFailed);
goto err_out;
}
- strncpy(Curl->protocol, escfilename, pos1);
- Curl->protocol[pos1] = '\0';
+ strlcpy(Curl->protocol, escfilename, pos1);
// jump the "://"
ptr1 += jumpSize;
@@ -123,8 +123,7 @@ url_new(const char* url) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MemAllocFailed);
goto err_out;
}
- strncpy(Curl->username, ptr1, len);
- Curl->username[len] = '\0';
+ strlcpy(Curl->username, ptr1, len);
ptr3 = strstr(ptr1, ":");
if( ptr3!=NULL && ptr3<ptr2 ) {
@@ -136,8 +135,7 @@ url_new(const char* url) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MemAllocFailed);
goto err_out;
}
- strncpy( Curl->password, ptr3+1, len2);
- Curl->password[len2]='\0';
+ strlcpy( Curl->password, ptr3+1, len2);
}
ptr1 = ptr2+1;
pos1 = ptr1-escfilename;
@@ -188,8 +186,7 @@ url_new(const char* url) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MemAllocFailed);
goto err_out;
}
- strncpy(Curl->hostname, ptr1, pos2-pos1);
- Curl->hostname[pos2-pos1] = '\0';
+ strlcpy(Curl->hostname, ptr1, pos2-pos1);
// Look if a path is given
ptr2 = strstr(ptr1, "/");
@@ -212,7 +209,7 @@ url_new(const char* url) {
mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MemAllocFailed);
goto err_out;
}
- strcpy(Curl->file, "/");
+ strlcpy(Curl->file, "/", 2);
}
free(escfilename);
@@ -322,7 +319,7 @@ url_escape_string(char *outbuf, const ch
if(tmp && (tmp[1] == '/' || tmp[1] == ':' ||
tmp[1] == '\0')) {
i = tmp+1-inbuf;
- strncpy(outbuf,inbuf,i);
+ strncpy(outbuf,inbuf,i); /* safe and intended */
outbuf += i;
tmp = NULL;
}
@@ -347,8 +344,7 @@ url_escape_string(char *outbuf, const ch
// we found one, take that part of the string
if(j < len) {
if(!tmp) tmp = malloc(len+1);
- strncpy(tmp,inbuf+i,j-i);
- tmp[j-i] = '\0';
+ strlcpy(tmp,inbuf+i,j-i+1);
in = tmp;
} else // take the rest of the string
in = (char*)inbuf+i;
More information about the MPlayer-dev-eng
mailing list