* ./src/misc/messages.c: fixed an extremely old buffer overflow.

eb8abe0a · Sam Hocevar · 5fa75a1f · eb8abe0a · eb8abe0a
Commit eb8abe0a authored Aug 10, 2002 by Sam Hocevar
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 6 deletions

include/vlc_common.h include/vlc_common.h +6 -2

src/misc/messages.c src/misc/messages.c +8 -4

No files found.
--- a/include/vlc_common.h
+++ b/include/vlc_common.h
@@ -3,7 +3,7 @@
 * Collection of useful common types and macros definitions
 *****************************************************************************
 * Copyright (C) 1998, 1999, 2000 VideoLAN
- * $Id: vlc_common.h,v 1.16 2002/08/08 00:35:10 sam Exp $
+ * $Id: vlc_common.h,v 1.17 2002/08/10 19:23:06 sam Exp $
 *
 * Authors: Samuel Hocevar <sam@via.ecp.fr>
 *          Vincent Seguin <seguin@via.ecp.fr>
@@ -420,8 +420,12 @@ typedef __int64 off_t;
 #       define O_NONBLOCK 0
 #   endif
+    /* These two are not defined in mingw32 (bug?) */
 #   ifndef snprintf
-#       define snprintf _snprintf  /* snprintf not defined in mingw32 (bug?) */
+#       define snprintf _snprintf
+#   endif
+#   ifndef vsnprintf
+#       define vsnprintf _vsnprintf
 #   endif
 #endif

--- a/src/misc/messages.c
+++ b/src/misc/messages.c
@@ -4,7 +4,7 @@
 * modules, especially intf modules. See config.h for output configuration.
 *****************************************************************************
 * Copyright (C) 1998-2002 VideoLAN
- * $Id: messages.c,v 1.7 2002/08/08 00:35:11 sam Exp $
+ * $Id: messages.c,v 1.8 2002/08/10 19:23:06 sam Exp $
 *
 * Authors: Vincent Seguin <seguin@via.ecp.fr>
 *          Samuel Hocevar <sam@zoy.org>
@@ -257,6 +257,9 @@ static void QueueMsg( vlc_object_t *p_this, int i_type, const char *psz_module,
 #ifdef WIN32
    char *              psz_temp;
 #endif
+#ifndef HAVE_VASPRINTF
+    int                 i_size = strlen(psz_format) + INTF_MAX_MSG_SIZE;
+#endif
    /*
     * Convert message to string
@@ -264,7 +267,7 @@ static void QueueMsg( vlc_object_t *p_this, int i_type, const char *psz_module,
 #ifdef HAVE_VASPRINTF
    vasprintf( &psz_str, psz_format, args );
 #else
-    psz_str = (char*) malloc( strlen(psz_format) + INTF_MAX_MSG_SIZE );
+    psz_str = (char*) malloc( i_size * sizeof(char) );
 #endif
    if( psz_str == NULL )
@@ -284,11 +287,12 @@ static void QueueMsg( vlc_object_t *p_this, int i_type, const char *psz_module,
        fprintf( stderr, "main warning: couldn't print message\n" );
        return;
    }
-    vsprintf( psz_str, psz_temp, args );
+    vsnprintf( psz_str, i_size, psz_temp, args );
    free( psz_temp );
 #   else
-    vsprintf( psz_str, psz_format, args );
+    vsnprintf( psz_str, i_size, psz_format, args );
 #   endif
+    psz_str[ i_size - 1 ] = 0; /* Just in case */
 #endif
    /* Put message in queue */