shithub: libdvdcss

Download patch

ref: f93ae872f22bc404aa998ef127242d2e10de1b3c
parent: d7f5aaaeee962a991df89ec92c325b1f26559f1e
author: astian <[email protected]>
date: Sat Mar 24 19:17:00 EDT 2018

Squelch potential buffer overflow warning

GCC 7.3 points out that a buffer of size PATH_MAX is being written to
with data that can theoretically overflow (a string of maximum size
PATH_MAX plus other constant-size strings).  Fix this by replacing
sprintf with snprintf.

Signed-off-by: astian <[email protected]>
Signed-off-by: Jean-Baptiste Kempf <[email protected]>

--- a/src/libdvdcss.c
+++ b/src/libdvdcss.c
@@ -320,7 +320,19 @@
         return -1;
     }
 
-    sprintf( psz_tagfile, "%s/" CACHE_TAG_NAME, dvdcss->psz_cachefile );
+    i_ret = snprintf( psz_tagfile, PATH_MAX, "%s/" CACHE_TAG_NAME,
+                      dvdcss->psz_cachefile );
+    if ( i_ret < 0 || i_ret >= PATH_MAX)
+    {
+        if ( i_ret < 0)
+            print_error( dvdcss, "failed to compose cache directory tag path");
+        else
+            print_error( dvdcss, "cache directory tag path too long: %s/" CACHE_TAG_NAME,
+                         dvdcss->psz_cachefile );
+        dvdcss->psz_cachefile[0] = '\0';
+        return -1;
+    }
+
     i_fd = open( psz_tagfile, O_RDWR|O_CREAT, 0644 );
     if( i_fd >= 0 )
     {