Commit 789f166b authored by Sam Hocevar's avatar Sam Hocevar
Browse files

* modules/access/vcdx/access.c: Fixed an obvious buffer overflow. This

    code is still unsafe, bounds need to be checked after each sprintf/strcat
    call.
parent 0a9aa8d0
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
* to go here. * to go here.
***************************************************************************** *****************************************************************************
* Copyright (C) 2000, 2003 VideoLAN * Copyright (C) 2000, 2003 VideoLAN
* $Id: access.c,v 1.11 2003/12/13 12:56:14 rocky Exp $ * $Id: access.c,v 1.12 2003/12/22 00:13:52 sam Exp $
* *
* Authors: Rocky Bernstein <rocky@panix.com> * Authors: Rocky Bernstein <rocky@panix.com>
* Johan Bilien <jobi@via.ecp.fr> * Johan Bilien <jobi@via.ecp.fr>
...@@ -1121,8 +1121,8 @@ VCDFormatStr(const input_thread_t *p_input, thread_vcd_data_t *p_vcd, ...@@ -1121,8 +1121,8 @@ VCDFormatStr(const input_thread_t *p_input, thread_vcd_data_t *p_vcd,
case 'L': case 'L':
if (vcdplayer_pbc_is_on(p_vcd)) { if (vcdplayer_pbc_is_on(p_vcd)) {
char num_str[10]; char num_str[40];
sprintf(num_str, _(" List ID %d"), p_vcd->cur_lid); sprintf(num_str, "%s %d", _("List ID"), p_vcd->cur_lid);
strncat(tp, num_str, TEMP_STR_LEN-(tp-temp_str)); strncat(tp, num_str, TEMP_STR_LEN-(tp-temp_str));
tp += strlen(num_str); tp += strlen(num_str);
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment