-
Cheng Sun authored
Close #5675 Because ExecuteCommand allocates temporary string space on the stack, proportional to the length of the command to execute, a stack overflow can occur when the the command is too long. This can be triggered remotely e.g. from the VLC Web interface, by running this JavaScript: sendVLMCmd(Array.prototype.join.call({length:300000},'a')); which sends a string of length 300000 to ExecuteCommand, crashing VLC. OKed-by:Rafaël Carré <funman@videolan.org> Signed-off-by:
Jean-Baptiste Kempf <jb@videolan.org> (cherry picked from commit e183a26d4346a5b05a276cde0fd97d33b8cfe72b) Signed-off-by:
85acf699
