sdp: fix potential read overflow and get rid of info.i_pos

11138293 · Rémi Denis-Courmont · fbf85e3d · 11138293
Commit 11138293 authored Sep 01, 2015 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 7 deletions

modules/access/sdp.c modules/access/sdp.c +12 -7

No files found.
--- a/modules/access/sdp.c
+++ b/modules/access/sdp.c
@@ -46,6 +46,7 @@ static int Control (access_t *, int, va_list);
 struct access_sys_t
 {
+    size_t offset;
    size_t length;
    char   data[];
 };
@@ -60,6 +61,7 @@ static int Open (vlc_object_t *obj)
        return VLC_ENOMEM;
    /* NOTE: This copy is not really needed. Better safe than sorry. */
+    sys->offset = 0;
    sys->length = len;
    memcpy (sys->data, access->psz_location, len);
@@ -85,22 +87,26 @@ static ssize_t Read (access_t *access, uint8_t *buf, size_t len)
 {
    access_sys_t *sys = access->p_sys;
-    if (access->info.i_pos >= sys->length)
+    if (sys->offset >= sys->length)
    {
        access->info.b_eof = true;
        return 0;
    }
-    if (len > sys->length)
+    if (len > sys->length - sys->offset)
-        len = sys->length;
+        len = sys->length - sys->offset;
-    memcpy (buf, sys->data + access->info.i_pos, len);
+    memcpy (buf, sys->data + sys->offset, len);
-    access->info.i_pos += len;
    return len;
 }
 static int Seek (access_t *access, uint64_t position)
 {
-    access->info.i_pos = position;
+    access_sys_t *sys = access->p_sys;
+    if (position > sys->length)
+        position = sys->length;
+    sys->offset = position;
    access->info.b_eof = false;
    return VLC_SUCCESS;
 }
@@ -135,6 +141,5 @@ static int Control (access_t *access, int query, va_list args)
        case ACCESS_SET_PAUSE_STATE:
            return VLC_SUCCESS;
    }
-    (void) access;
    return VLC_EGENERIC;
 }