media plugins: replace strcpy with strlcpy
Fixes a memory corruption: the ffmpeg plugin has a LOT of file extensions, which goes way past the 8 allowed characters and even past the 88 reserved bytes at the end of the structure. As a result, memory after the structure is overwritten, resulting in heap corruption and crashes. This is immediately detected by using the guarded heap. As a short term measure, use strlcpy to avoid overwriting memory, but now the ffmpeg plugin will be unable to provide any useful info. It would make sense to make media_format_info store a pointer to a string instead (similar to entry_ref), but this requires more changes and will create some incompatibility with existing apps if they use the field. Change-Id: I8d2b567a179e9f7816b72f48aedac4e8534bc044
This commit is contained in:
PulkoMandy
parent
85d9d60045
commit
a443628974
@ -68,10 +68,10 @@ TAPEReader::GetFileFormatInfo(media_file_format* oMFF)
|
||||
| media_file_format::B_KNOWS_ENCODED_AUDIO;
|
||||
oMFF->family = B_ANY_FORMAT_FAMILY;
|
||||
oMFF->version = MEDIA_FILE_FORMAT_VERSION;
|
||||
strcpy(oMFF->mime_type, MIME_TYPE_APE);
|
||||
strcpy(oMFF->pretty_name, MIME_TYPE_APE_LONG_DESCRIPTION);
|
||||
strcpy(oMFF->short_name, MIME_TYPE_APE_SHORT_DESCRIPTION);
|
||||
strcpy(oMFF->file_extension, MIME_TYPE_APE_EXTENSION);
|
||||
strlcpy(oMFF->mime_type, MIME_TYPE_APE, sizeof(oMFF->mime_type));
|
||||
strlcpy(oMFF->pretty_name, MIME_TYPE_APE_LONG_DESCRIPTION, sizeof(oMFF->pretty_name));
|
||||
strlcpy(oMFF->short_name, MIME_TYPE_APE_SHORT_DESCRIPTION, sizeof(oMFF->short_name));
|
||||
strlcpy(oMFF->file_extension, MIME_TYPE_APE_EXTENSION, sizeof(oMFF->file_extension));
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -271,10 +271,10 @@ auReader::GetFileFormatInfo(media_file_format *mff)
|
||||
| media_file_format::B_IMPERFECTLY_SEEKABLE;
|
||||
mff->family = B_MISC_FORMAT_FAMILY;
|
||||
mff->version = 100;
|
||||
strcpy(mff->mime_type, "audio/x-au");
|
||||
strcpy(mff->file_extension, "au");
|
||||
strcpy(mff->short_name, "Sun audio file");
|
||||
strcpy(mff->pretty_name, "Sun audio file");
|
||||
strlcpy(mff->mime_type, "audio/x-au", sizeof(mff->mime_type));
|
||||
strlcpy(mff->file_extension, "au", sizeof(mff->file_extension));
|
||||
strlcpy(mff->short_name, "Sun audio file", sizeof(mff->short_name));
|
||||
strlcpy(mff->pretty_name, "Sun audio file", sizeof(mff->pretty_name));
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -1541,34 +1541,35 @@ AVFormatReader::GetFileFormatInfo(media_file_format* mff)
|
||||
mff->version = 100;
|
||||
|
||||
if (format != NULL) {
|
||||
strcpy(mff->mime_type, format->mime_type);
|
||||
strlcpy(mff->mime_type, format->mime_type, sizeof(mff->mime_type));
|
||||
} else {
|
||||
// TODO: Would be nice to be able to provide this from AVInputFormat,
|
||||
// maybe by extending the FFmpeg code itself (all demuxers).
|
||||
strcpy(mff->mime_type, "");
|
||||
mff->mime_type[0] = '\0';
|
||||
}
|
||||
|
||||
if (context->iformat->extensions != NULL)
|
||||
strcpy(mff->file_extension, context->iformat->extensions);
|
||||
strlcpy(mff->file_extension, context->iformat->extensions, sizeof(mff->file_extension));
|
||||
else {
|
||||
TRACE(" no file extensions for AVInputFormat.\n");
|
||||
strcpy(mff->file_extension, "");
|
||||
mff->file_extension[0] = '\0';
|
||||
}
|
||||
|
||||
if (context->iformat->name != NULL)
|
||||
strcpy(mff->short_name, context->iformat->name);
|
||||
strlcpy(mff->short_name, context->iformat->name, sizeof(mff->short_name));
|
||||
else {
|
||||
TRACE(" no short name for AVInputFormat.\n");
|
||||
strcpy(mff->short_name, "");
|
||||
mff->short_name[0] = '\0';
|
||||
}
|
||||
|
||||
if (context->iformat->long_name != NULL)
|
||||
sprintf(mff->pretty_name, "%s (FFmpeg)", context->iformat->long_name);
|
||||
else {
|
||||
if (context->iformat->long_name != NULL) {
|
||||
snprintf(mff->pretty_name, sizeof(mff->pretty_name), "%s (FFmpeg)",
|
||||
context->iformat->long_name);
|
||||
} else {
|
||||
if (format != NULL)
|
||||
sprintf(mff->pretty_name, "%s (FFmpeg)", format->pretty_name);
|
||||
else
|
||||
strcpy(mff->pretty_name, "Unknown (FFmpeg)");
|
||||
strlcpy(mff->pretty_name, "Unknown (FFmpeg)", sizeof(mff->pretty_name));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -50,12 +50,12 @@ AudioBufferSize(int32 channel_count, uint32 sample_format, float frame_rate, big
|
||||
void
|
||||
RawDecoder::GetCodecInfo(media_codec_info *info)
|
||||
{
|
||||
strcpy(info->short_name, "raw");
|
||||
strlcpy(info->short_name, "raw", sizeof(info->short_name));
|
||||
|
||||
if (fInputFormat.IsAudio())
|
||||
strcpy(info->pretty_name, "Raw audio decoder");
|
||||
strlcpy(info->pretty_name, "Raw audio decoder", sizeof(info->pretty_name));
|
||||
else
|
||||
strcpy(info->pretty_name, "Raw video decoder");
|
||||
strlcpy(info->pretty_name, "Raw video decoder", sizeof(info->pretty_name));
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user