ref: f93ae872f22bc404aa998ef127242d2e10de1b3c
parent: d7f5aaaeee962a991df89ec92c325b1f26559f1e
author: astian <astian@elude.in>
date: Sat Mar 24 19:17:00 EDT 2018
Squelch potential buffer overflow warning GCC 7.3 points out that a buffer of size PATH_MAX is being written to with data that can theoretically overflow (a string of maximum size PATH_MAX plus other constant-size strings). Fix this by replacing sprintf with snprintf. Signed-off-by: astian <astian@elude.in> Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
--- a/src/libdvdcss.c
+++ b/src/libdvdcss.c
@@ -320,7 +320,19 @@
return -1;
}
- sprintf( psz_tagfile, "%s/" CACHE_TAG_NAME, dvdcss->psz_cachefile );
+ i_ret = snprintf( psz_tagfile, PATH_MAX, "%s/" CACHE_TAG_NAME,
+ dvdcss->psz_cachefile );
+ if ( i_ret < 0 || i_ret >= PATH_MAX)
+ {+ if ( i_ret < 0)
+ print_error( dvdcss, "failed to compose cache directory tag path");
+ else
+ print_error( dvdcss, "cache directory tag path too long: %s/" CACHE_TAG_NAME,
+ dvdcss->psz_cachefile );
+ dvdcss->psz_cachefile[0] = '\0';
+ return -1;
+ }
+
i_fd = open( psz_tagfile, O_RDWR|O_CREAT, 0644 );
if( i_fd >= 0 )
{