[MPlayer-dev-eng] [PATCH] libmenu: fill allocated memory for path variable with 0, fixes menu_keepdir
Guillaume LECERF
foxcore at gmail.com
Tue Jun 3 14:27:58 CEST 2008
HI all,
This patch does $subject.
The code is :
if (!fstat (path_fp, &st) && (st.st_size > 0)) {
path = malloc(st.st_size+1);
if ((read(path_fp, path, st.st_size) == st.st_size) && path[0] == '/'
&& !stat(path, &st) && S_ISDIR(st.st_mode)){
freepath = path;
path[st.st_size] = '\0';
}
else {
free(path);
path = NULL;
}
}
read() populates the path variable, but it is not null-terminated.
So stat() fails because path ends with garbage.
--
Guillaume LECERF
GeeXboX developer - www.geexbox.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-menu_keepdir.diff
Type: text/x-diff
Size: 597 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20080603/ddca3ded/attachment.diff>
More information about the MPlayer-dev-eng
mailing list