Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-gpu
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-gpu
Commits
afe3464a
Commit
afe3464a
authored
Aug 24, 2008
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MMS integers handling fixes, including buffer overflow
Pointed-out-by: Pınar Yanardağ
parent
8f529eae
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
14 additions
and
14 deletions
+14
-14
modules/access/mms/mmstu.c
modules/access/mms/mmstu.c
+11
-11
modules/access/mms/mmstu.h
modules/access/mms/mmstu.h
+3
-3
No files found.
modules/access/mms/mmstu.c
View file @
afe3464a
...
@@ -739,9 +739,9 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
...
@@ -739,9 +739,9 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
GetDWLE
(
p_sys
->
p_cmd
+
MMS_CMD_HEADERSIZE
+
60
);
GetDWLE
(
p_sys
->
p_cmd
+
MMS_CMD_HEADERSIZE
+
60
);
msg_Dbg
(
p_access
,
msg_Dbg
(
p_access
,
"answer 0x06 flags:0x%8.8
x media_length:%u
s "
"answer 0x06 flags:0x%8.8
"
PRIx32
" media_length:%"
PRIu32
"
s "
"packet_length:%
ul packet_count:%d
max_bit_rate:%d "
"packet_length:%
zul packet_count:%"
PRId32
"
max_bit_rate:%d "
"header_size:%
d
"
,
"header_size:%
zu
"
,
p_sys
->
i_flags_broadcast
,
p_sys
->
i_flags_broadcast
,
p_sys
->
i_media_length
,
p_sys
->
i_media_length
,
(
unsigned
)
p_sys
->
i_packet_length
,
(
unsigned
)
p_sys
->
i_packet_length
,
...
@@ -795,12 +795,12 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
...
@@ -795,12 +795,12 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
if
(
p_sys
->
i_header
>=
p_sys
->
i_header_size
)
if
(
p_sys
->
i_header
>=
p_sys
->
i_header_size
)
{
{
msg_Dbg
(
p_access
,
msg_Dbg
(
p_access
,
"header complete(%
d
)"
,
"header complete(%
zu
)"
,
p_sys
->
i_header
);
p_sys
->
i_header
);
break
;
break
;
}
}
msg_Dbg
(
p_access
,
msg_Dbg
(
p_access
,
"header incomplete (%
d/%d
), reading more"
,
"header incomplete (%
zu/%zu
), reading more"
,
p_sys
->
i_header
,
p_sys
->
i_header
,
p_sys
->
i_header_size
);
p_sys
->
i_header_size
);
}
}
...
@@ -1169,7 +1169,7 @@ static int NetFillBuffer( access_t *p_access )
...
@@ -1169,7 +1169,7 @@ static int NetFillBuffer( access_t *p_access )
static
int
mms_ParseCommand
(
access_t
*
p_access
,
static
int
mms_ParseCommand
(
access_t
*
p_access
,
uint8_t
*
p_data
,
uint8_t
*
p_data
,
in
t
i_data
,
size_
t
i_data
,
int
*
pi_used
)
int
*
pi_used
)
{
{
#define GET32( i_pos ) \
#define GET32( i_pos ) \
...
@@ -1178,7 +1178,7 @@ static int mms_ParseCommand( access_t *p_access,
...
@@ -1178,7 +1178,7 @@ static int mms_ParseCommand( access_t *p_access,
( p_sys->p_cmd[i_pos + 3] << 24 ) )
( p_sys->p_cmd[i_pos + 3] << 24 ) )
access_sys_t
*
p_sys
=
p_access
->
p_sys
;
access_sys_t
*
p_sys
=
p_access
->
p_sys
;
int
i_length
;
uint32_t
i_length
;
uint32_t
i_id
;
uint32_t
i_id
;
free
(
p_sys
->
p_cmd
);
free
(
p_sys
->
p_cmd
);
...
@@ -1197,10 +1197,10 @@ static int mms_ParseCommand( access_t *p_access,
...
@@ -1197,10 +1197,10 @@ static int mms_ParseCommand( access_t *p_access,
i_id
=
GetDWLE
(
p_data
+
4
);
i_id
=
GetDWLE
(
p_data
+
4
);
i_length
=
GetDWLE
(
p_data
+
8
)
+
16
;
i_length
=
GetDWLE
(
p_data
+
8
)
+
16
;
if
(
i_id
!=
0xb00bface
)
if
(
i_id
!=
0xb00bface
||
i_length
<
16
)
{
{
msg_Err
(
p_access
,
msg_Err
(
p_access
,
"incorrect command header (0x%
x
)"
,
i_id
);
"incorrect command header (0x%
"
PRIx32
"
)"
,
i_id
);
p_sys
->
i_command
=
0
;
p_sys
->
i_command
=
0
;
return
-
1
;
return
-
1
;
}
}
...
@@ -1208,8 +1208,8 @@ static int mms_ParseCommand( access_t *p_access,
...
@@ -1208,8 +1208,8 @@ static int mms_ParseCommand( access_t *p_access,
if
(
i_length
>
p_sys
->
i_cmd
)
if
(
i_length
>
p_sys
->
i_cmd
)
{
{
msg_Warn
(
p_access
,
msg_Warn
(
p_access
,
"truncated command (missing %
d
bytes)"
,
"truncated command (missing %
zu
bytes)"
,
i_length
-
i_data
);
(
size_t
)
i_length
-
i_data
);
p_sys
->
i_command
=
0
;
p_sys
->
i_command
=
0
;
return
-
1
;
return
-
1
;
}
}
...
...
modules/access/mms/mmstu.h
View file @
afe3464a
...
@@ -67,10 +67,10 @@ struct access_sys_t
...
@@ -67,10 +67,10 @@ struct access_sys_t
int
i_packet_seq_num
;
int
i_packet_seq_num
;
uint8_t
*
p_cmd
;
/* latest command read */
uint8_t
*
p_cmd
;
/* latest command read */
int
i_cmd
;
/* allocated at the begining */
size_t
i_cmd
;
/* allocated at the begining */
uint8_t
*
p_header
;
/* allocated by mms_ReadPacket */
uint8_t
*
p_header
;
/* allocated by mms_ReadPacket */
int
i_header
;
size_t
i_header
;
uint8_t
*
p_media
;
/* allocated by mms_ReadPacket */
uint8_t
*
p_media
;
/* allocated by mms_ReadPacket */
size_t
i_media
;
size_t
i_media
;
...
@@ -91,7 +91,7 @@ struct access_sys_t
...
@@ -91,7 +91,7 @@ struct access_sys_t
size_t
i_packet_length
;
size_t
i_packet_length
;
uint32_t
i_packet_count
;
uint32_t
i_packet_count
;
int
i_max_bit_rate
;
int
i_max_bit_rate
;
int
i_header_size
;
size_t
i_header_size
;
/* misc */
/* misc */
bool
b_seekable
;
bool
b_seekable
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment