Annotation of /trunk/mplayer/patches/mplayer-1.0_rc1-CVE-2007-2948.patch
Parent Directory | Revision Log
Revision 224 -
(hide annotations)
(download)
Sat Jun 23 13:53:28 2007 UTC (17 years, 3 months ago) by niro
File size: 1226 byte(s)
Sat Jun 23 13:53:28 2007 UTC (17 years, 3 months ago) by niro
File size: 1226 byte(s)
-new fixes
1 | niro | 224 | --- trunk/stream/stream_cddb.c 2007/05/10 11:43:39 23287 |
2 | +++ trunk/stream/stream_cddb.c 2007/06/05 11:13:32 23470 | ||
3 | @@ -377,7 +377,7 @@ | ||
4 | |||
5 | switch(status) { | ||
6 | case 210: | ||
7 | - ret = sscanf( http_hdr->body, "%d %s %08lx", &status, category, &disc_id); | ||
8 | + ret = sscanf( http_hdr->body, "%d %99s %08lx", &status, category, &disc_id); | ||
9 | if( ret!=3 ) { | ||
10 | mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError); | ||
11 | return -1; | ||
12 | @@ -438,7 +438,7 @@ | ||
13 | ptr++; | ||
14 | // We have a list of exact/inexact matches, so which one do we use? | ||
15 | // So let's take the first one. | ||
16 | - ret = sscanf(ptr, "%s %08lx %s", cddb_data->category, &(cddb_data->disc_id), album_title); | ||
17 | + ret = sscanf(ptr, "%99s %08lx %99s", cddb_data->category, &(cddb_data->disc_id), album_title); | ||
18 | if( ret!=3 ) { | ||
19 | mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError); | ||
20 | return -1; | ||
21 | @@ -475,7 +475,7 @@ | ||
22 | switch(status) { | ||
23 | case 200: | ||
24 | // Found exact match | ||
25 | - ret = sscanf(http_hdr->body, "%d %s %08lx %s", &status, cddb_data->category, &(cddb_data->disc_id), album_title); | ||
26 | + ret = sscanf(http_hdr->body, "%d %99s %08lx %99s", &status, cddb_data->category, &(cddb_data->disc_id), album_title); | ||
27 | if( ret!=4 ) { | ||
28 | mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError); | ||
29 | return -1; |