input: fix stack overflow if user feeds an overly large MRL

(cherry picked from commit a276d9aa) Conflicts: src/input/input.c

input: fix stack overflow if user feeds an overly large MRL
(cherry picked from commit a276d9aa) Conflicts: src/input/input.c
abc867ad · Rémi Denis-Courmont · 4d3f5285 · abc867ad
Commit abc867ad authored Mar 17, 2009 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

src/input/input.c src/input/input.c +8 -4

No files found.
--- a/src/input/input.c
+++ b/src/input/input.c
@@ -2063,8 +2063,6 @@ static int InputSourceInit( input_thread_t *p_input,
                            const char *psz_forced_demux )
 {
    const bool b_master = in == &p_input->p->input;
-    char psz_dup[strlen (psz_mrl) + 1];
    const char *psz_access;
    const char *psz_demux;
    char *psz_path;
@@ -2073,11 +2071,14 @@ static int InputSourceInit( input_thread_t *p_input,
    vlc_value_t val;
    double f_fps;
-    strcpy( psz_dup, psz_mrl );
    if( !in ) return VLC_EGENERIC;
    if( !p_input ) return VLC_EGENERIC;
+    char *psz_dup = strdup( psz_mrl );
+    if( psz_dup == NULL )
+        goto error;
    /* Split uri */
    input_SplitMRL( &psz_access, &psz_demux, &psz_path, psz_dup );
@@ -2328,6 +2329,8 @@ static int InputSourceInit( input_thread_t *p_input,
        }
    }
+    free( psz_dup );
    /* get attachment
     * FIXME improve for b_preparsing: move it after GET_META and check psz_arturl */
    if( 1 || !p_input->b_preparsing )
@@ -2367,6 +2370,7 @@ error:
    if( in->p_access )
        access_Delete( in->p_access );
+    free( psz_dup );
    return VLC_EGENERIC;
 }