[MPlayer-dev-eng] [PATCH] Do not use non-literal arguments for mp_msg format string

Alexander Strasser eclipse7 at gmx.net
Sun Jan 26 01:30:17 CET 2014

Make the code easier to review and more robust against
future changes.

Fix ticket #2173

Signed-off-by: Alexander Strasser <eclipse7 at gmx.net>

  The occurrence in gui/interface.c could actually be
security relevant. I didn't investigate deeply and only
had a quick look at the invocations of gmp_msg, where I
think there is at least one that accepts user-controlled
data. That could be used to craft something that gets
interpreted by the implementation of the function that is
evaluating the strings as a format string, which means the
possibilities depend on the exact implementation used.

 gui/interface.c       | 2 +-
 stream/stream_radio.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gui/interface.c b/gui/interface.c
index 6e2387e..fdd6db4 100644
--- a/gui/interface.c
+++ b/gui/interface.c
@@ -1183,7 +1183,7 @@ void gmp_msg(int mod, int lev, const char *format, ...)
     vsnprintf(msg, sizeof(msg), format, va);
-    mp_msg(mod, lev, msg);
+    mp_msg(mod, lev, "%s", msg);
     if (mp_msg_test(mod, lev))
         gtkMessageBox(MSGBOX_FATAL, msg);
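Review bot: the gtkMessageBox(MSGBOX_FATAL, msg) call in the context lines right after the changed mp_msg call receives the same msg buffer, and nothing in this hunk shows whether it displays that argument verbatim or formats it. Please confirm it treats msg as plain text; if it formats its argument, it needs the same "%s" treatment as the mp_msg call. If mp_msg is not already declared with a printf format attribute, adding one would let the compiler flag any remaining non-literal callers.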
diff --git a/stream/stream_radio.c b/stream/stream_radio.c
index afbea43..a91c051 100644
--- a/stream/stream_radio.c
+++ b/stream/stream_radio.c
@@ -1138,7 +1138,7 @@ static int open_s(stream_t *stream,int mode, void* opts, int* file_format) {
-        mp_msg(MSGT_RADIO, MSGL_INFO, priv->driver->info);
+        mp_msg(MSGT_RADIO, MSGL_INFO, "%s", priv->driver->info);
         mp_msg(MSGT_RADIO, MSGL_INFO, MSGTR_RADIO_DriverUnknownStr,priv->radio_param->driver);
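Review bot: priv->driver->info on the added line is now consumed by a "%s" conversion, and nothing visible in this hunk guarantees it is non-NULL; passing NULL to %s is undefined behaviour. If a driver can leave info unset, guard the call or substitute an empty string before printing.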
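The double-formatting problem the message describes for gmp_msg, shown as an added example that is not MPlayer code and not part of the original post. `sink_msg` and `wrap_msg` are hypothetical stand-ins for mp_msg and gmp_msg, and the input string is constructed; it uses only `%%`, which consumes no arguments, to make the second parse visible.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for mp_msg(): formats into `out` instead of printing. */
static void sink_msg(char *out, size_t outsz, const char *format, ...)
{
    va_list va;
    va_start(va, format);
    vsnprintf(out, outsz, format, va);
    va_end(va);
}

/* Hypothetical wrapper with the shape of gmp_msg() in the first hunk.
 * `literal_fmt` selects the patched call. The format attribute makes the
 * compiler check this wrapper's own callers; the same attribute on the sink
 * would make -Wformat-security flag the pre-patch call below. */
#if defined(__GNUC__)
__attribute__((format(printf, 4, 5)))
#endif
static void wrap_msg(char *out, size_t outsz, int literal_fmt,
                     const char *format, ...)
{
    char msg[512];
    va_list va;
    va_start(va, format);
    vsnprintf(msg, sizeof(msg), format, va);  /* first formatting pass */
    va_end(va);
    if (literal_fmt)
        sink_msg(out, outsz, "%s", msg);      /* patched: msg is plain data */
    else
        sink_msg(out, outsz, msg);            /* pre-patch: msg is parsed again */
}

int main(void)
{
    const char *title = "100%% legit";        /* constructed caller-supplied text */
    char before[128], after[128];
    wrap_msg(before, sizeof(before), 0, "Playing: %s", title);
    wrap_msg(after, sizeof(after), 1, "Playing: %s", title);
    printf("pre-patch: %s\npatched:   %s\n", before, after);
    return 0;
}
```

The pre-patch path alters the caller's text because the already formatted buffer is parsed a second time; the patched path passes it through unchanged.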