Commit 2bc014d7 authored by Laurent Aimar's avatar Laurent Aimar

Fixed potential stack overflow in avi demuxer.

Reported by Sebastian Apelt, Siberas.
(cherry picked from commit 861e374d)
parent 89ab9b79
...@@ -795,12 +795,15 @@ void _AVI_ChunkFree( stream_t *s, ...@@ -795,12 +795,15 @@ void _AVI_ChunkFree( stream_t *s,
} }
static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj, static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
avi_chunk_t *p_chk, int i_level ) avi_chunk_t *p_chk, unsigned i_level )
{ {
char str[1024]; unsigned i;
int i;
avi_chunk_t *p_child; avi_chunk_t *p_child;
char str[512];
if( i_level * 5 + 1 >= sizeof(str) )
return;
memset( str, ' ', sizeof( str ) ); memset( str, ' ', sizeof( str ) );
for( i = 1; i < i_level; i++ ) for( i = 1; i < i_level; i++ )
{ {
...@@ -810,7 +813,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj, ...@@ -810,7 +813,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
p_chk->common.i_chunk_fourcc == AVIFOURCC_ON2 || p_chk->common.i_chunk_fourcc == AVIFOURCC_ON2 ||
p_chk->common.i_chunk_fourcc == AVIFOURCC_LIST ) p_chk->common.i_chunk_fourcc == AVIFOURCC_LIST )
{ {
sprintf( str + i_level * 5, snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
"%c %4.4s-%4.4s size:%"PRIu64" pos:%"PRIu64, "%c %4.4s-%4.4s size:%"PRIu64" pos:%"PRIu64,
i_level ? '+' : '*', i_level ? '+' : '*',
(char*)&p_chk->common.i_chunk_fourcc, (char*)&p_chk->common.i_chunk_fourcc,
...@@ -820,7 +823,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj, ...@@ -820,7 +823,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
} }
else else
{ {
sprintf( str + i_level * 5, snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
"+ %4.4s size:%"PRIu64" pos:%"PRIu64, "+ %4.4s size:%"PRIu64" pos:%"PRIu64,
(char*)&p_chk->common.i_chunk_fourcc, (char*)&p_chk->common.i_chunk_fourcc,
p_chk->common.i_chunk_size, p_chk->common.i_chunk_size,
......
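Review bot: The new depth guard at the top of AVI_ChunkDumpDebug_level returns silently, so when a file nests chunks deeper than the 512-byte `str` allows (about 102 levels) the debug dump simply stops with no trace in the log. Excessive nesting is itself a sign of a malformed or hostile file, so I would log it before returning, e.g. `msg_Warn( p_obj, "AVI chunk nesting too deep, dump truncated" );`. The guard is also easier to audit in division form, `if( i_level > (sizeof(str) - 1) / 5 )`, which cannot wrap in unsigned arithmetic, and the repeated literal 5 (written both `i_level * 5` and `5*i_level`) would read better as one named constant. Parts of the function body lie outside the hunks shown, and these hunks only bound the dump buffer; whether the chunk reader itself limits nesting depth cannot be seen here.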