Fix potential buffer overflow (CID 191)

author Rémi Duraffort <ivoire@videolan.org>

Fri, 10 Oct 2008 19:41:54 +0000 (21:41 +0200)

committer Rémi Duraffort <ivoire@videolan.org>

Fri, 10 Oct 2008 19:41:54 +0000 (21:41 +0200)
author Rémi Duraffort <ivoire@videolan.org>
Fri, 10 Oct 2008 19:41:54 +0000 (21:41 +0200)
committer Rémi Duraffort <ivoire@videolan.org>
Fri, 10 Oct 2008 19:41:54 +0000 (21:41 +0200)
diff --git a/modules/misc/osd/simple.c b/modules/misc/osd/simple.c

index 938fb0660562cac41954dbb347bae153ff1b84b0..f17ebaf3aa025a3c34a89895ec4e7f6660abb519 100644 (file)
--- a/modules/misc/osd/simple.c
+++ b/modules/misc/osd/simple.c
@@ -93,8 +93,11 @@ int osd_parser_simpleOpen( vlc_object_t *p_this )
          /* NULL terminate before asking the length of path[] */
          path[PATH_MAX-1] = '\0';
          i_len = strlen(&path[0]);
-        if( i_len == PATH_MAX )
-            i_len--; /* truncate to prevent buffer overflow */
+        /* Protect against buffer overflow:
+         * max index is PATH_MAX-1 and we increment by 1 after
+         * so PATH_MAX-2 is the bigest we can have */
+        if( i_len > PATH_MAX - 2 )
+            i_len = PATH_MAX - 2;
  #if defined(WIN32) || defined(UNDER_CE)
          if( (i_len > 0) && path[i_len] != '\\' )
              path[i_len] = '\\';
author	Rémi Duraffort <ivoire@videolan.org>
	Fri, 10 Oct 2008 19:41:54 +0000 (21:41 +0200)
committer	Rémi Duraffort <ivoire@videolan.org>
	Fri, 10 Oct 2008 19:41:54 +0000 (21:41 +0200)