Fix stack overflow in ExecuteCommand
Close #5675 Because ExecuteCommand allocates temporary string space on the stack, proportional to the length of the command to execute, a stack overflow can occur when the the command is too long. This can be triggered remotely e.g. from the VLC Web interface, by running this JavaScript: sendVLMCmd(Array.prototype.join.call({length:300000},'a')); which sends a string of length 300000 to ExecuteCommand, crashing VLC. OKed-by: Rafaël Carré <funman@videolan.org> Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org> (cherry picked from commit e183a26d) Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
Showing
Please register or sign in to comment