From: Rémi Duraffort <ivoire@videolan.org>
Date: Fri, 10 Oct 2008 19:41:54 +0000 (+0200)
Subject: Fix potential buffer overflow (CID 191)
X-Git-Tag: 1.0.0-pre1~2580
X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=356fafa5164defa5ed37f2c6b2e673249e4890f6;p=vlc

Fix potential buffer overflow (CID 191)
---

diff --git a/modules/misc/osd/simple.c b/modules/misc/osd/simple.c
index 938fb06605..f17ebaf3aa 100644
--- a/modules/misc/osd/simple.c
+++ b/modules/misc/osd/simple.c
@@ -93,8 +93,11 @@ int osd_parser_simpleOpen( vlc_object_t *p_this )
         /* NULL terminate before asking the length of path[] */
         path[PATH_MAX-1] = '\0';
         i_len = strlen(&path[0]);
-        if( i_len == PATH_MAX )
-            i_len--; /* truncate to prevent buffer overflow */
+        /* Protect against buffer overflow:
+         * max index is PATH_MAX-1 and we increment by 1 after
+         * so PATH_MAX-2 is the bigest we can have */
+        if( i_len > PATH_MAX - 2 )
+            i_len = PATH_MAX - 2;
 #if defined(WIN32) || defined(UNDER_CE)
         if( (i_len > 0) && path[i_len] != '\\' )
             path[i_len] = '\\';