Fixed potential stack overflow in asf demuxer.

author Laurent Aimar <fenrir@videolan.org>

Tue, 15 Sep 2009 19:00:14 +0000 (21:00 +0200)

committer Laurent Aimar <fenrir@videolan.org>

Tue, 15 Sep 2009 19:04:48 +0000 (21:04 +0200)
author Laurent Aimar <fenrir@videolan.org>
Tue, 15 Sep 2009 19:00:14 +0000 (21:00 +0200)
committer Laurent Aimar <fenrir@videolan.org>
Tue, 15 Sep 2009 19:04:48 +0000 (21:04 +0200)
diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c

index 6b5e07b097f4aa00397d7bd9ac7259b49ec73f06..4b49222b2fdb583527527d9e4d4a829ffa3cec88 100644 (file)
--- a/modules/demux/asf/libasf.c
+++ b/modules/demux/asf/libasf.c
@@ -1471,10 +1471,9 @@ static const struct
  
  
  static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
-                                 asf_object_common_t *p_node, int i_level )
+                                 asf_object_common_t *p_node, unsigned i_level )
  {
-    char str[1024];
-    int i;
+    unsigned i;
      union asf_object_u *p_child;
      const char *psz_name;
  
@@ -1487,12 +1486,16 @@ static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
      }
      psz_name = ASF_ObjectDumpDebugInfo[i].psz_name;
  
+    char str[512];
+    if( i_level * 5 + 1 >= sizeof(str) )
+        return;
+
      memset( str, ' ', sizeof( str ) );
      for( i = 1; i < i_level; i++ )
      {
          str[i * 5] = '|';
      }
-    snprintf( str + 5*i_level, 1024,
+    snprintf( &str[5*i_level], sizeof(str) - 5*i_level,
               "+ '%s' GUID "GUID_FMT" size:%"PRIu64"pos:%"PRIu64,
               psz_name,
               GUID_PRINT( p_node->i_object_id ),
author	Laurent Aimar <fenrir@videolan.org>
	Tue, 15 Sep 2009 19:00:14 +0000 (21:00 +0200)
committer	Laurent Aimar <fenrir@videolan.org>
	Tue, 15 Sep 2009 19:04:48 +0000 (21:04 +0200)