Commit 47f34be8 authored by Sam Hocevar's avatar Sam Hocevar

* ./src/interface/intf_msg.c: backported a buffer overflow fix from HEAD.

parent 095d07d4
......@@ -3,7 +3,7 @@
* Collection of useful common types and macros definitions
*****************************************************************************
* Copyright (C) 1998, 1999, 2000 VideoLAN
* $Id: common.h,v 1.108 2002/05/20 22:36:42 sam Exp $
* $Id: common.h,v 1.108.2.1 2002/08/10 19:40:03 sam Exp $
*
* Authors: Samuel Hocevar <sam@via.ecp.fr>
* Vincent Seguin <seguin@via.ecp.fr>
......@@ -457,8 +457,12 @@ typedef __int64 off_t;
# define O_NONBLOCK 0
# endif
/* These two are not defined in mingw32 (bug?) */
# ifndef snprintf
# define snprintf _snprintf /* snprintf not defined in mingw32 (bug?) */
# define snprintf _snprintf
# endif
# ifndef vsnprintf
# define vsnprintf _vsnprintf
# endif
#endif
......
......@@ -4,7 +4,7 @@
* interface, such as message output. See config.h for output configuration.
*****************************************************************************
* Copyright (C) 1998-2001 VideoLAN
* $Id: intf_msg.c,v 1.49 2002/05/17 00:58:13 sam Exp $
* $Id: intf_msg.c,v 1.49.2.1 2002/08/10 19:40:04 sam Exp $
*
* Authors: Vincent Seguin <seguin@via.ecp.fr>
*
......@@ -311,6 +311,9 @@ static void QueueMsg( int i_type, int i_level, char *psz_format, va_list ap )
#ifdef WIN32
char * psz_temp;
#endif
#ifndef HAVE_VASPRINTF
int i_size = strlen(psz_format) + INTF_MAX_MSG_SIZE;
#endif
/*
* Convert message to string
......@@ -318,7 +321,7 @@ static void QueueMsg( int i_type, int i_level, char *psz_format, va_list ap )
#ifdef HAVE_VASPRINTF
vasprintf( &psz_str, psz_format, ap );
#else
psz_str = (char*) malloc( strlen(psz_format) + INTF_MAX_MSG_SIZE );
psz_str = (char*) malloc( i_size * sizeof(char) );
#endif
if( psz_str == NULL )
......@@ -338,11 +341,12 @@ static void QueueMsg( int i_type, int i_level, char *psz_format, va_list ap )
fprintf(stderr, "intf warning: couldn't print message");
return;
}
vsprintf( psz_str, psz_temp, ap );
vsnprintf( psz_str, i_size, psz_temp, ap );
free( psz_temp );
# else
vsprintf( psz_str, psz_format, ap );
vsnprintf( psz_str, i_size, psz_format, ap );
# endif
psz_str[ i_size - 1 ] = 0; /* Just in case */
#endif
/* Put message in queue */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment