Skip to content

V
vlc-gpu
Commit dfe7084e authored by Laurent Aimar's avatar Laurent Aimar
Browse files
Options

Fixed potential stack overflow in asf demuxer. 

Reported by Sebastian Apelt, Siberas.
parent cc71771a
Show whitespace changes
Inline Side-by-side
Showing with 7 additions and 4 deletions
modules/demux/asf/libasf.c
View file @ dfe7084e
...@@ -1471,10 +1471,9 @@ static const struct ...@@ -1471,10 +1471,9 @@ static const struct
static void ASF_ObjectDumpDebug( vlc_object_t *p_obj, static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
asf_object_common_t *p_node, int i_level ) asf_object_common_t *p_node, unsigned i_level )
{ {
char str[1024]; unsigned i;
int i;
union asf_object_u *p_child; union asf_object_u *p_child;
const char *psz_name; const char *psz_name;
...@@ -1487,12 +1486,16 @@ static void ASF_ObjectDumpDebug( vlc_object_t *p_obj, ...@@ -1487,12 +1486,16 @@ static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
} }
psz_name = ASF_ObjectDumpDebugInfo[i].psz_name; psz_name = ASF_ObjectDumpDebugInfo[i].psz_name;
char str[512];
if( i_level * 5 + 1 >= sizeof(str) )
return;
memset( str, ' ', sizeof( str ) ); memset( str, ' ', sizeof( str ) );
for( i = 1; i < i_level; i++ ) for( i = 1; i < i_level; i++ )
{ {
str[i * 5] = '|'; str[i * 5] = '|';
} }
snprintf( str + 5*i_level, 1024, snprintf( &str[5*i_level], sizeof(str) - 5*i_level,
"+ '%s' GUID "GUID_FMT" size:%"PRIu64"pos:%"PRIu64, "+ '%s' GUID "GUID_FMT" size:%"PRIu64"pos:%"PRIu64,
psz_name, psz_name,
GUID_PRINT( p_node->i_object_id ), GUID_PRINT( p_node->i_object_id ),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment