Contents of /trunk/mplayer/patches/mplayer-1.0_rc1-CVE-2007-2948.patch
Parent Directory | Revision Log
Revision 224 -
(show annotations)
(download)
Sat Jun 23 13:53:28 2007 UTC (17 years, 3 months ago) by niro
File size: 1226 byte(s)
Sat Jun 23 13:53:28 2007 UTC (17 years, 3 months ago) by niro
File size: 1226 byte(s)
-new fixes
1 | --- trunk/stream/stream_cddb.c 2007/05/10 11:43:39 23287 |
2 | +++ trunk/stream/stream_cddb.c 2007/06/05 11:13:32 23470 |
3 | @@ -377,7 +377,7 @@ |
4 | |
5 | switch(status) { |
6 | case 210: |
7 | - ret = sscanf( http_hdr->body, "%d %s %08lx", &status, category, &disc_id); |
8 | + ret = sscanf( http_hdr->body, "%d %99s %08lx", &status, category, &disc_id); |
9 | if( ret!=3 ) { |
10 | mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError); |
11 | return -1; |
12 | @@ -438,7 +438,7 @@ |
13 | ptr++; |
14 | // We have a list of exact/inexact matches, so which one do we use? |
15 | // So let's take the first one. |
16 | - ret = sscanf(ptr, "%s %08lx %s", cddb_data->category, &(cddb_data->disc_id), album_title); |
17 | + ret = sscanf(ptr, "%99s %08lx %99s", cddb_data->category, &(cddb_data->disc_id), album_title); |
18 | if( ret!=3 ) { |
19 | mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError); |
20 | return -1; |
21 | @@ -475,7 +475,7 @@ |
22 | switch(status) { |
23 | case 200: |
24 | // Found exact match |
25 | - ret = sscanf(http_hdr->body, "%d %s %08lx %s", &status, cddb_data->category, &(cddb_data->disc_id), album_title); |
26 | + ret = sscanf(http_hdr->body, "%d %99s %08lx %99s", &status, cddb_data->category, &(cddb_data->disc_id), album_title); |
27 | if( ret!=4 ) { |
28 | mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError); |
29 | return -1; |