Commit c5b02d01 authored by Laurent Aimar's avatar Laurent Aimar

Fixed potential stack overflow in mp4 demuxer.

Reported by Sebastian Apelt, Siberas.
parent 861e374d
......@@ -2876,18 +2876,24 @@ static void __MP4_BoxDumpStructure( stream_t *s,
}
else
{
char str[512];
unsigned int i;
memset( str, (uint8_t)' ', 512 );
char str[512];
if( i_level * 5 + 1 >= sizeof(str) )
return;
memset( str, ' ', sizeof(str) );
for( i = 0; i < i_level; i++ )
{
str[i*5] = '|';
}
if MP4_BOX_TYPE_ASCII()
sprintf( str + i_level * 5, "+ %4.4s size %d",
if( MP4_BOX_TYPE_ASCII() )
snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
"+ %4.4s size %d",
(char*)&p_box->i_type, (uint32_t)p_box->i_size );
else
sprintf( str + i_level * 5, "+ c%3.3s size %d",
snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
"+ c%3.3s size %d",
(char*)&p_box->i_type+1, (uint32_t)p_box->i_size );
msg_Dbg( s, "%s", str );
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment