Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
dee1ccf0
Commit
dee1ccf0
authored
Nov 17, 2014
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
gvp: fix leaks and integer overflow on multi-lines
parent
f133cc09
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
30 additions
and
43 deletions
+30
-43
modules/demux/playlist/gvp.c
modules/demux/playlist/gvp.c
+30
-43
No files found.
modules/demux/playlist/gvp.c
View file @
dee1ccf0
...
@@ -97,13 +97,13 @@ int Import_GVP( vlc_object_t *p_this )
...
@@ -97,13 +97,13 @@ int Import_GVP( vlc_object_t *p_this )
static
int
Demux
(
demux_t
*
p_demux
)
static
int
Demux
(
demux_t
*
p_demux
)
{
{
char
*
psz_line
;
char
*
psz_line
;
char
*
psz_attrvalue
;
char
*
psz_version
=
NULL
;
char
*
psz_version
=
NULL
;
char
*
psz_url
=
NULL
;
char
*
psz_url
=
NULL
;
char
*
psz_docid
=
NULL
;
char
*
psz_docid
=
NULL
;
char
*
psz_title
=
NULL
;
char
*
psz_title
=
NULL
;
char
*
psz_description
=
NULL
;
char
*
psz_desc
=
NULL
;
size_t
desclen
=
0
;
input_item_t
*
p_input
;
input_item_t
*
p_input
;
input_item_t
*
p_current_input
=
GetCurrentItem
(
p_demux
);
input_item_t
*
p_current_input
=
GetCurrentItem
(
p_demux
);
...
@@ -118,54 +118,41 @@ static int Demux( demux_t *p_demux )
...
@@ -118,54 +118,41 @@ static int Demux( demux_t *p_demux )
free
(
psz_line
);
free
(
psz_line
);
continue
;
continue
;
}
}
psz_attrvalue
=
strchr
(
psz_line
,
':'
);
if
(
!
psz_attrvalue
)
char
*
value
=
strchr
(
psz_line
,
':'
);
if
(
value
==
NULL
)
{
{
msg_Dbg
(
p_demux
,
"Unable to parse line (%s)"
,
psz_line
);
msg_Dbg
(
p_demux
,
"Unable to parse line (%s)"
,
psz_line
);
free
(
psz_line
);
free
(
psz_line
);
continue
;
continue
;
}
}
*
psz_attrvalue
=
'\0'
;
*
(
value
++
)
=
'\0'
;
psz_attrvalue
++
;
if
(
!
strcmp
(
psz_line
,
"gvp_version"
)
)
size_t
len
=
strlen
(
value
);
{
if
(
len
>
0
&&
value
[
len
-
1
]
==
'\r'
)
psz_version
=
strdup
(
psz_attrvalue
);
value
[
--
len
]
=
'\0'
;
/* strip trailing CR */
}
else
if
(
!
strcmp
(
psz_line
,
"url"
)
)
if
(
psz_version
==
NULL
&&
!
strcmp
(
psz_line
,
"gvp_version"
)
)
{
psz_version
=
strdup
(
value
);
psz_url
=
strdup
(
psz_attrvalue
);
else
if
(
psz_url
==
NULL
&&
!
strcmp
(
psz_line
,
"url"
)
)
}
psz_url
=
strdup
(
value
);
else
if
(
!
strcmp
(
psz_line
,
"docid"
)
)
else
if
(
psz_docid
==
NULL
&&
!
strcmp
(
psz_line
,
"docid"
)
)
{
psz_docid
=
strdup
(
value
);
psz_docid
=
strdup
(
psz_attrvalue
);
}
else
if
(
!
strcmp
(
psz_line
,
"duration"
)
)
else
if
(
!
strcmp
(
psz_line
,
"duration"
)
)
/*atoi( psz_attrvalue )*/
;
/*atoi( psz_attrvalue )*/
;
else
if
(
!
strcmp
(
psz_line
,
"title"
)
)
else
if
(
psz_title
==
NULL
&&
!
strcmp
(
psz_line
,
"title"
)
)
psz_title
=
strdup
(
value
);
else
if
(
!
strcmp
(
psz_line
,
"description"
)
&&
desclen
<
32768
&&
len
<
32768
)
{
{
psz_title
=
strdup
(
psz_attrvalue
);
char
*
buf
=
realloc
(
psz_desc
,
desclen
+
1
+
len
+
1
);
}
if
(
buf
!=
NULL
)
else
if
(
!
strcmp
(
psz_line
,
"description"
)
)
{
char
*
buf
;
if
(
!
psz_description
)
{
psz_description
=
strdup
(
psz_attrvalue
);
}
else
{
/* handle multi-line descriptions */
if
(
asprintf
(
&
buf
,
"%s
\n
%s"
,
psz_description
,
psz_attrvalue
)
==
-
1
)
buf
=
NULL
;
free
(
psz_description
);
psz_description
=
buf
;
}
/* remove ^M char at the end of the line (if any) */
buf
=
psz_description
+
strlen
(
psz_description
);
if
(
buf
!=
psz_description
)
{
{
buf
--
;
if
(
desclen
>
0
)
if
(
*
buf
==
'\r'
)
*
buf
=
'\0'
;
buf
[
desclen
++
]
=
'\n'
;
memcpy
(
buf
+
desclen
,
value
,
len
+
1
);
desclen
+=
len
;
psz_desc
=
buf
;
}
}
}
}
free
(
psz_line
);
free
(
psz_line
);
...
@@ -182,7 +169,7 @@ static int Demux( demux_t *p_demux )
...
@@ -182,7 +169,7 @@ static int Demux( demux_t *p_demux )
p_input, _("Google Video"), type, "%s", field ) ; }
p_input, _("Google Video"), type, "%s", field ) ; }
SADD_INFO
(
"gvp_version"
,
psz_version
);
SADD_INFO
(
"gvp_version"
,
psz_version
);
SADD_INFO
(
"docid"
,
psz_docid
);
SADD_INFO
(
"docid"
,
psz_docid
);
SADD_INFO
(
"description"
,
psz_desc
ription
);
SADD_INFO
(
"description"
,
psz_desc
);
input_item_node_AppendItem
(
p_subitems
,
p_input
);
input_item_node_AppendItem
(
p_subitems
,
p_input
);
vlc_gc_decref
(
p_input
);
vlc_gc_decref
(
p_input
);
}
}
...
@@ -195,7 +182,7 @@ static int Demux( demux_t *p_demux )
...
@@ -195,7 +182,7 @@ static int Demux( demux_t *p_demux )
free
(
psz_url
);
free
(
psz_url
);
free
(
psz_docid
);
free
(
psz_docid
);
free
(
psz_title
);
free
(
psz_title
);
free
(
psz_desc
ription
);
free
(
psz_desc
);
return
0
;
/* Needed for correct operation of go back */
return
0
;
/* Needed for correct operation of go back */
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
