Commit e0eb585a authored by Ivan Kalvachev's avatar Ivan Kalvachev Committed by Steve Lhomme
Browse files


Fix crash on some DVDs
sprintf(tmp,"%.02x",(char)0xef); would print "ffffffef" instead of "ef"
in this case this leads to local array buffer overflow and hard to trace stack corruption.
The quick, easy & dirty solution is to use (unsigned char) or (uint8_t)
parent 191f02b6
......@@ -404,7 +404,8 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
uint8_t p_sector[DVDCSS_BLOCK_SIZE];
char psz_debug[PATH_MAX + 30];
char psz_key[1 + KEY_SIZE * 2 + 1];
char *psz_title, *psz_serial;
char *psz_title;
uint8_t *psz_serial;
int i;
/* We read sector 0. If it starts with 0x000001ba (BE), we are
......@@ -462,7 +463,7 @@ LIBDVDCSS_EXPORT dvdcss_t dvdcss_open ( char *psz_target )
}
/* Get the date + serial */
psz_serial = (char *)p_sector + 813;
psz_serial = p_sector + 813;
psz_serial[16] = '\0';
/* Check that all characters are digits, otherwise convert. */
......@@ -795,3 +796,4 @@ LIBDVDCSS_EXPORT int dvdcss_title ( dvdcss_t dvdcss, int i_block )
return _dvdcss_title( dvdcss, i_block );
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment