author | Josh Coalson <jcoalson@users.sourceforce.net> | 2007-09-11 04:49:56 +0000 |
---|---|---|
committer | Josh Coalson <jcoalson@users.sourceforce.net> | 2007-09-11 04:49:56 +0000 |
commit | 0f008d2e9e33205f97d7c7146606e93bb85e2bff (patch) | |
tree | d9041a5c8edfd161d4fb1aa65e4ea9df96ca37a6 /src/plugin_xmms | |
parent | 0221d87c896b6774e1ebbe43d43f66452701d766 (diff) | |
download | flac-0f008d2e9e33205f97d7c7146606e93bb85e2bff.tar.gz |
extra checking on memory allocation sizes to prevent a class of overflow attacks
Diffstat (limited to 'src/plugin_xmms')
-rw-r--r-- | src/plugin_xmms/plugin.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/plugin_xmms/plugin.c b/src/plugin_xmms/plugin.c
index e46d29ad..24a79b77 100644
--- a/src/plugin_xmms/plugin.c
+++ b/src/plugin_xmms/plugin.c
@@ -400,8 +400,13 @@ void FLAC_XMMS__get_song_info(char *filename, char **title, int *length_in_msec)
 if(title) {
 if (!is_http_source(filename)) {
 static const char *errtitle = "Invalid FLAC File: ";
- *title = g_malloc(strlen(errtitle) + 1 + strlen(filename) + 1 + 1);
- sprintf(*title, "%s\"%s\"", errtitle, filename);
+ if(strlen(errtitle) + 1 + strlen(filename) + 1 + 1 < strlen(filename)) { /* overflow check */
+ *title = NULL;
+ }
+ else {
+ *title = g_malloc(strlen(errtitle) + 1 + strlen(filename) + 1 + 1);
+ sprintf(*title, "%s\"%s\"", errtitle, filename);
+ }
 } else {
 *title = NULL;
 }
 |
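Review bot: The buffer size expression is written out twice in the new branch, once in the overflow check and once in the `g_malloc` call, and the unbounded `sprintf` is only safe while both copies stay in step with the format string. A later edit to one of them would silently bring back the heap overflow this commit guards against. Since the file already uses glib, `*title = g_strdup_printf("%s\"%s\"", errtitle, filename);` would let the library size the buffer and remove the manual arithmetic; failing that, compute the length once into a `size_t` and pass it to both `g_malloc` and `snprintf`. The new `*title = NULL` path mirrors the existing http branch, so callers presumably tolerate a NULL title. That cannot be confirmed here, because the body of `FLAC_XMMS__get_song_info` starts and ends outside the hunk.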