[MPlayer-dev-eng] [PATCH] one line patch to add codecs subdir to searchpath
Michael Niedermayer
michaelni at gmx.at
Sun Feb 27 01:09:54 CET 2005
Hi
On Sunday 27 February 2005 00:04, D Richard Felker III wrote:
> On Sat, Feb 26, 2005 at 09:16:26PM +0100, Gianluigi Tiesi wrote:
> > On Sat, Feb 26, 2005 at 12:42:13AM +0200, Ville Saari wrote:
> > > On Fri, Feb 25, 2005 at 08:06:46PM +0100, Gianluigi Tiesi wrote:
> > > > I've not tested on linux, but it shouldn't make problems,
> > > > on windows it permits a cleaner directory struct for mplayer.
> > >
> > > This looks suspicious:
> > > > + sprintf(tmppath,"%s;%s/codecs", tmppath, win32path);
> > >
> > > You are overwriting the same variable that you are using as input.
> > > This is likely to encounter the tmppath's terminating null before
> > > overwriting it, but sprintf is not guaranteed to behave that way
> > > and the result may be an infinite memory-trashing loop in the
> > > worst case.
> > >
> > > A safer and faster equivalent would be:
> > >
> > > sprintf(tmppath+strlen(tmppath), ";%s/codecs", win32path);
> >
> > then better to use:
> >
> > strcat(tmppath, ";");
> > strcat(tmppath, win32path);
> > strcat(tmppath, "/codecs");
>
> i think policy these days is to only use snprintf and family, so we
> don't introduce more idiotic buffer overflows.
why not ensure that code fails to compile or link if sprintf() and other
similarly risky functions are used? lavc does that too
[...]
--
Michael
"nothing is evil in the beginning. Even Sauron was not so." -- Elrond
More information about the MPlayer-dev-eng
mailing list