[gnome-vfs] cdda: Handle invalid data (#582303)
- From: Alexander Larsson <alexl src gnome org>
- To: svn-commits-list gnome org
- Subject: [gnome-vfs] cdda: Handle invalid data (#582303)
- Date: Mon, 25 May 2009 04:36:13 -0400 (EDT)
commit 706b54502b1d3ccb179a4d8b91c585e152bbae81
Author: Alexander Larsson <alexl redhat com>
Date: Mon May 25 10:33:59 2009 +0200
cdda: Handle invalid data (#582303)
Fix for CAN-2005-0706, handle negative values that may appear when
there is invalid input. Patch from openSUSE.
Note: cdda is disabled by default, so this doesn't affect all users.
---
modules/cdda-cddb.c | 36 +++++++++++++++++++++---------------
1 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/modules/cdda-cddb.c b/modules/cdda-cddb.c
index ce83b52..0ec4e25 100644
--- a/modules/cdda-cddb.c
+++ b/modules/cdda-cddb.c
@@ -537,26 +537,30 @@ static void CDDBProcessLine(char *inbuffer,DiscData *data,
else if(!g_ascii_strncasecmp(inbuffer,"TTITLE",6)) {
track=atoi(strtok(inbuffer+6,"="));
- if(track<numtracks)
+ if(track >= 0 && track<numtracks)
+ {
len=strlen(data->data_track[track].track_name);
- strncpy(data->data_track[track].track_name+len,
+ strncpy(data->data_track[track].track_name+len,
ChopWhite(strtok(NULL,"")),256-len);
+ }
}
else if(!g_ascii_strncasecmp(inbuffer,"TARTIST",7)) {
data->data_multi_artist=TRUE;
track=atoi(strtok(inbuffer+7,"="));
- if(track<numtracks)
+ if(track >= 0 && track<numtracks)
+ {
len=strlen(data->data_track[track].track_artist);
- st = strtok(NULL, "");
- if(st == NULL)
- return;
-
- strncpy(data->data_track[track].track_artist+len,
+ st = strtok(NULL, "");
+ if(st == NULL)
+ return;
+
+ strncpy(data->data_track[track].track_artist+len,
ChopWhite(st),256-len);
+ }
}
else if(!g_ascii_strncasecmp(inbuffer,"EXTD",4)) {
len=strlen(data->data_extended);
@@ -566,15 +570,17 @@ static void CDDBProcessLine(char *inbuffer,DiscData *data,
else if(!g_ascii_strncasecmp(inbuffer,"EXTT",4)) {
track=atoi(strtok(inbuffer+4,"="));
- if(track<numtracks)
+ if(track >= 0 && track<numtracks)
+ {
len=strlen(data->data_track[track].track_extended);
- st = strtok(NULL, "");
- if(st == NULL)
- return;
-
- strncpy(data->data_track[track].track_extended+len,
- ChopWhite(st),4096-len);
+ st = strtok(NULL, "");
+ if(st == NULL)
+ return;
+
+ strncpy(data->data_track[track].track_extended+len,
+ ChopWhite(st),4096-len);
+ }
}
else if(!g_ascii_strncasecmp(inbuffer,"PLAYORDER",5)) {
len=strlen(data->data_playlist);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]