[MPlayer-dev-eng] [Suggested PATCH] Increase maximum ftp file path length

Nicolas George nicolas.george at normalesup.org
Mon Nov 5 09:51:19 CET 2012


Le quintidi 15 brumaire, an CCXXI, Sergey a écrit :
> I often use mplayer to watch video recordings from our local ftp
> server.

Are there really still people using ftp in 2012?

>  static int readresp(struct stream_priv_s* ctl,char* rsp)
>  {
> -    static char response[256];
> +    static char response[65536];

Why is this array static? It is filled unconditionally each time, and
therefore does not need to retain its contents.

>      char match[5];
>      int r;
>  
> -    if (readline(response,256,ctl) == -1)
> +    if (readline(response,65536,ctl) == -1)
>        return 0;

This kind of code is fragile and a sure way of getting an exploitable buffer
overflow at some point. If someone changes it now, they better fix it
correctly: either use sizeof(response) instead of duplicating the size or
use a macro for the size, or both.

Since the same change is made several times, a macro to set the size once
and for all is probably the best idea. It would also enable to change the
size easily if someone happens to have a problem with 64k arrays on the
stack (I do not think anyone will with MPlayer).

Regards,

-- 
  Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20121105/7e080610/attachment.asc>


More information about the MPlayer-dev-eng mailing list