Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
95491aa7
Commit
95491aa7
authored
Nov 04, 2008
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix buffer overflow
Pointed-out-by. Tobias Klein <tk@trapkit.de>
parent
337c8691
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
36 additions
and
38 deletions
+36
-38
modules/access/vcd/cdrom.c
modules/access/vcd/cdrom.c
+36
-38
No files found.
modules/access/vcd/cdrom.c
View file @
95491aa7
...
@@ -820,6 +820,7 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
...
@@ -820,6 +820,7 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
char
*
psz_vcdfile
=
NULL
;
char
*
psz_vcdfile
=
NULL
;
char
*
psz_cuefile
=
NULL
;
char
*
psz_cuefile
=
NULL
;
FILE
*
cuefile
=
NULL
;
FILE
*
cuefile
=
NULL
;
int
*
p_sectors
=
NULL
;
char
line
[
1024
];
char
line
[
1024
];
bool
b_found
=
false
;
bool
b_found
=
false
;
...
@@ -858,7 +859,6 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
...
@@ -858,7 +859,6 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
cuefile
=
utf8_fopen
(
psz_cuefile
,
"rt"
);
cuefile
=
utf8_fopen
(
psz_cuefile
,
"rt"
);
if
(
cuefile
==
NULL
)
if
(
cuefile
==
NULL
)
{
{
i_ret
=
-
1
;
msg_Dbg
(
p_this
,
"could not find .cue file"
);
msg_Dbg
(
p_this
,
"could not find .cue file"
);
goto
error
;
goto
error
;
}
}
...
@@ -904,58 +904,56 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
...
@@ -904,58 +904,56 @@ static int OpenVCDImage( vlc_object_t * p_this, const char *psz_dev,
}
}
if
(
p_vcddev
->
i_vcdimage_handle
==
-
1
)
if
(
p_vcddev
->
i_vcdimage_handle
==
-
1
)
{
i_ret
=
-
1
;
goto
error
;
goto
error
;
}
else
i_ret
=
0
;
/* Try to parse the i_tracks and p_sectors info so we can just forget
/* Try to parse the i_tracks and p_sectors info so we can just forget
* about the cuefile */
* about the cuefile */
if
(
i_ret
==
0
)
size_t
i_tracks
=
0
;
{
int
p_sectors
[
100
];
int
i_tracks
=
0
;
int
i_num
;
char
psz_dummy
[
10
];
while
(
fgets
(
line
,
1024
,
cuefile
)
)
while
(
fgets
(
line
,
1024
,
cuefile
)
)
{
{
/* look for a TRACK line */
/* look for a TRACK line */
if
(
!
sscanf
(
line
,
"%9s"
,
psz_dummy
)
||
char
psz_dummy
[
9
];
strcmp
(
psz_dummy
,
"TRACK"
)
)
if
(
!
sscanf
(
line
,
"%9s"
,
psz_dummy
)
||
strcmp
(
psz_dummy
,
"TRACK"
)
)
continue
;
continue
;
/* look for an INDEX line */
/* look for an INDEX line */
while
(
fgets
(
line
,
1024
,
cuefile
)
)
while
(
fgets
(
line
,
1024
,
cuefile
)
)
{
{
int
i_min
,
i_sec
,
i_frame
;
int
i_num
,
i_min
,
i_sec
,
i_frame
;
if
(
(
sscanf
(
line
,
"%9s %2u %2u:%2u:%2u"
,
psz_dummy
,
&
i_num
,
if
(
(
sscanf
(
line
,
"%*9s %2u %2u:%2u:%2u"
,
&
i_num
,
&
i_min
,
&
i_sec
,
&
i_frame
)
!=
5
)
||
(
i_num
!=
1
)
)
&
i_min
,
&
i_sec
,
&
i_frame
)
!=
4
)
||
(
i_num
!=
1
)
)
continue
;
continue
;
i_tracks
++
;
int
*
buf
=
realloc
(
p_sectors
,
(
i_tracks
+
1
)
*
sizeof
(
int
));
p_sectors
[
i_tracks
-
1
]
=
MSF_TO_LBA
(
i_min
,
i_sec
,
i_frame
);
if
(
buf
==
NULL
)
goto
error
;
p_sectors
=
buf
;
p_sectors
[
i_tracks
]
=
MSF_TO_LBA
(
i_min
,
i_sec
,
i_frame
);
msg_Dbg
(
p_this
,
"vcd track %i begins at sector:%i"
,
msg_Dbg
(
p_this
,
"vcd track %i begins at sector:%i"
,
i_tracks
-
1
,
p_sectors
[
i_tracks
-
1
]
);
i_tracks
,
p_sectors
[
i_tracks
]
);
i_tracks
++
;
break
;
break
;
}
}
}
}
/* fill in the last entry */
/* fill in the last entry */
int
*
buf
=
realloc
(
p_sectors
,
(
i_tracks
+
1
)
*
sizeof
(
int
));
if
(
buf
==
NULL
)
goto
error
;
p_sectors
=
buf
;
p_sectors
[
i_tracks
]
=
lseek
(
p_vcddev
->
i_vcdimage_handle
,
0
,
SEEK_END
)
p_sectors
[
i_tracks
]
=
lseek
(
p_vcddev
->
i_vcdimage_handle
,
0
,
SEEK_END
)
/
VCD_SECTOR_SIZE
;
/
VCD_SECTOR_SIZE
;
msg_Dbg
(
p_this
,
"vcd track %i, begins at sector:%i"
,
msg_Dbg
(
p_this
,
"vcd track %i, begins at sector:%i"
,
i_tracks
,
p_sectors
[
i_tracks
]
);
i_tracks
,
p_sectors
[
i_tracks
]
);
p_vcddev
->
i_tracks
=
i_tracks
;
p_vcddev
->
i_tracks
=
++
i_tracks
;
p_vcddev
->
p_sectors
=
malloc
(
(
i_tracks
+
1
)
*
sizeof
(
int
)
);
p_vcddev
->
p_sectors
=
p_sectors
;
memcpy
(
p_vcddev
->
p_sectors
,
p_sectors
,
(
i_tracks
+
1
)
*
sizeof
(
int
)
);
i_ret
=
0
;
}
error:
error:
if
(
cuefile
)
fclose
(
cuefile
);
if
(
cuefile
)
fclose
(
cuefile
);
free
(
p_sectors
);
free
(
psz_cuefile
);
free
(
psz_cuefile
);
free
(
psz_vcdfile
);
free
(
psz_vcdfile
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment