Dynamically allocate the dir list to prevent potential array overflows (I...

Dynamically allocate the dir list to prevent potential array overflows (I believe that we were writing to the 5th element of a 4 element array since the luac commits).

Dynamically allocate the dir list to prevent potential array overflows (I...
Dynamically allocate the dir list to prevent potential array overflows (I believe that we were writing to the 5th element of a 4 element array since the luac commits).
c58a5af7 · Antoine Cellerier · 38a58dec · c58a5af7 · c58a5af7 · c58a5af7
Commit c58a5af7 authored Feb 20, 2010 by Antoine Cellerier
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 12 deletions

modules/misc/lua/libs/misc.c modules/misc/lua/libs/misc.c +2 -2

modules/misc/lua/vlc.c modules/misc/lua/vlc.c +19 -9

modules/misc/lua/vlc.h modules/misc/lua/vlc.h +1 -1

No files found.
--- a/modules/misc/lua/libs/misc.c
+++ b/modules/misc/lua/libs/misc.c
@@ -155,11 +155,11 @@ static int vlclua_cachedir( lua_State *L )
 static int vlclua_datadir_list( lua_State *L )
 {
    const char *psz_dirname = luaL_checkstring( L, 1 );
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;
    char **ppsz_dir = ppsz_dir_list;
    int i = 1;

-    if( vlclua_dir_list( vlclua_get_this( L ), psz_dirname, ppsz_dir_list )
+    if( vlclua_dir_list( vlclua_get_this( L ), psz_dirname, &ppsz_dir_list )
        != VLC_SUCCESS )
        return 0;
    lua_newtable( L );

--- a/modules/misc/lua/vlc.c
+++ b/modules/misc/lua/vlc.c
@@ -163,8 +163,14 @@ static int file_compare( const char **a, const char **b )
 }

 int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname,
-                     char **ppsz_dir_list )
+                     char ***pppsz_dir_list )
 {
+#define MAX_DIR_LIST_SIZE 5
+    *pppsz_dir_list = malloc(MAX_DIR_LIST_SIZE*sizeof(char *));
+    if (!*pppsz_dir_list)
+        return VLC_EGENERIC;
+    char **ppsz_dir_list = *pppsz_dir_list;
+
    int i = 0;
    char *datadir = config_GetUserDir( VLC_DATA_DIR );

@@ -197,6 +203,9 @@ int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname,
    }

    ppsz_dir_list[i] = NULL;
+
+    assert( i < MAX_DIR_LIST_SIZE);
+
    return VLC_SUCCESS;
 }

@@ -205,6 +214,7 @@ void vlclua_dir_list_free( char **ppsz_dir_list )
    char **ppsz_dir;
    for( ppsz_dir = ppsz_dir_list; *ppsz_dir; ppsz_dir++ )
        free( *ppsz_dir );
+    free( ppsz_dir_list );
 }

 /*****************************************************************************
@@ -216,9 +226,9 @@ int vlclua_scripts_batch_execute( vlc_object_t *p_this,
                                  int (*func)(vlc_object_t *, const char *, void *),
                                  void * user_data)
 {
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;

-    int i_ret = vlclua_dir_list( p_this, luadirname, ppsz_dir_list );
+    int i_ret = vlclua_dir_list( p_this, luadirname, &ppsz_dir_list );
    if( i_ret != VLC_SUCCESS )
        return i_ret;
    i_ret = VLC_EGENERIC;
@@ -270,9 +280,9 @@ int vlclua_scripts_batch_execute( vlc_object_t *p_this,

 char *vlclua_find_file( vlc_object_t *p_this, const char *psz_luadirname, const char *psz_name )
 {
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;
    char **ppsz_dir;
-    vlclua_dir_list( p_this, psz_luadirname, ppsz_dir_list );
+    vlclua_dir_list( p_this, psz_luadirname, &ppsz_dir_list );
    for( ppsz_dir = ppsz_dir_list; *ppsz_dir; ppsz_dir++ )
    {
        for( const char **ppsz_ext = ppsz_lua_exts; *ppsz_ext; ppsz_ext++ )
@@ -577,10 +587,10 @@ static int vlc_sd_probe_Open( vlc_object_t *obj )
    char **ppsz_fileend  = NULL;
    char **ppsz_file;
    char *psz_name;
-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
+    char **ppsz_dir_list = NULL;
    char **ppsz_dir;
    lua_State *L = NULL;
-    vlclua_dir_list( obj, "sd", ppsz_dir_list );
+    vlclua_dir_list( obj, "sd", &ppsz_dir_list );
    for( ppsz_dir = ppsz_dir_list; *ppsz_dir; ppsz_dir++ )
    {
        int i_files;
@@ -751,8 +761,8 @@ int __vlclua_add_modules_path( vlc_object_t *obj, lua_State *L, const char *psz_
        return 1;
    }

-    char  *ppsz_dir_list[] = { NULL, NULL, NULL, NULL };
-    vlclua_dir_list( obj, psz_char+1/* gruik? */, ppsz_dir_list );
+    char **ppsz_dir_list = NULL;
+    vlclua_dir_list( obj, psz_char+1/* gruik? */, &ppsz_dir_list );
    char **ppsz_dir = ppsz_dir_list;

    for( ; *ppsz_dir && strcmp( *ppsz_dir, psz_path ); ppsz_dir++ );

--- a/modules/misc/lua/vlc.h
+++ b/modules/misc/lua/vlc.h
@@ -106,7 +106,7 @@ int vlclua_push_ret( lua_State *, int i_error );
 int vlclua_scripts_batch_execute( vlc_object_t *p_this, const char * luadirname,
        int (*func)(vlc_object_t *, const char *, void *),
        void * user_data );
-int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname, char **ppsz_dir_list );
+int vlclua_dir_list( vlc_object_t *p_this, const char *luadirname, char ***pppsz_dir_list );
 void vlclua_dir_list_free( char **ppsz_dir_list );
 char *vlclua_find_file( vlc_object_t *p_this, const char *psz_luadirname, const char *psz_name );