• Cheng Sun's avatar
    Fix stack overflow in ExecuteCommand · e183a26d
    Cheng Sun authored
    Close #5675
    
    Because ExecuteCommand allocates temporary string space on the stack,
    proportional to the length of the command to execute, a stack overflow can
    occur when the the command is too long.
    
    This can be triggered remotely e.g. from the VLC Web interface, by
    running this JavaScript:
    
    sendVLMCmd(Array.prototype.join.call({length:300000},'a'));
    
    which sends a string of length 300000 to ExecuteCommand, crashing VLC.
    OKed-by: Rafaël Carré's avatarRafaël Carré <funman@videolan.org>
    Signed-off-by: Jean-Baptiste Kempf's avatarJean-Baptiste Kempf <jb@videolan.org>
    e183a26d
vlmshell.c 54.4 KB