# HG changeset patch
# User nathan
# Date 1212307681 -28800
# Node ID 0953c008ab80e8ea8dc0a9b90eba5e98c82fe269
# Parent  f0ca0c236cfc683abf080d463d6aab67546dd79f
fix buffer overrun in string compose

diff -r f0ca0c236cfc -r 0953c008ab80 premiereepg.c
--- a/premiereepg.c	Thu May 29 06:26:13 2008 +0800
+++ b/premiereepg.c	Sun Jun 01 16:08:01 2008 +0800
@@ -23,6 +23,7 @@
  * Or, point your browser to http://www.gnu.org/copyleft/gpl.html
  */
 
+#include <stdarg.h>
 #include <vdr/plugin.h>
 #include <vdr/filter.h>
 #include <vdr/epg.h>
@@ -138,6 +139,42 @@
   return crc&0xFFFF;
 }
 
+// --- cStrBuff ----------------------------------------------------------------
+
+class cStrBuff {
+private:
+  char *buff;
+  int size, pos;
+public:
+  cStrBuff(int Size);
+  ~cStrBuff();
+  void Printf(const char *fmt, ...) __attribute__ ((format (printf,2,3)));
+  char *Buff(void) { return (buff && pos>0) ? strdup(buff):0; }
+  };
+
+cStrBuff::cStrBuff(int Size)
+{
+  size=Size; pos=0;
+  buff=MALLOC(char,size);
+}
+
+cStrBuff::~cStrBuff()
+{
+  free(buff);
+}
+
+void cStrBuff::Printf(const char *fmt, ...)
+{
+  int s=size-pos;
+  if(buff && s>0) {
+    va_list ap;
+    va_start(ap,fmt);
+    int q=vsnprintf(buff+pos,s,fmt,ap);
+    va_end(ap);
+    if(q>0) pos+=q;
+    }
+}
+
 // --- cFilterPremiereEpg ------------------------------------------------------
 
 #define STARTTIME_BIAS (20*60)
@@ -283,27 +320,25 @@
                   trNOOP("SMS"),
                   trNOOP("WWW")
                   };
-                char buff[2048];
-                int p=0;
+                cStrBuff str(1024);
                 const unsigned char *data=d->getData().getData()+2;
                 for(int i=0; i<5; i++) {
                   int l=data[0]; 
-                  if(l>0) p+=snprintf(&buff[p],sizeof(buff)-p,"\n%s: %.*s",tr(text[i]),l,&data[1]);
+                  if(l>0) str.Printf("\n%s: %.*s",tr(text[i]),l,&data[1]);
                   data+=l+1;
                   }
-                if(p>0) order=strdup(buff);
+                order=str.Buff();
                 }
               break;
             case 0xF1: // parental rating
               if(SetupPE.RatingInfo) {
-                char buff[2048];
-                int p=0;
+                cStrBuff str(1024);
                 const unsigned char *data=d->getData().getData()+2;
-                p+=snprintf(&buff[p],sizeof(buff)-p,"\n%s: %d %s",tr("Rating"),data[0]+3,tr("years"));
+                str.Printf("\n%s: %d %s",tr("Rating"),data[0]+3,tr("years"));
                 data+=7;
                 int l=data[0]; 
-                if(l>0) p+=snprintf(&buff[p],sizeof(buff)-p," (%.*s)",l,&data[1]);
-                if(p>0) rating=strdup(buff);
+                if(l>0) str.Printf(" (%.*s)",l,&data[1]);
+                rating=str.Buff();
                 }
               break;
             case SI::PremiereContentTransmissionDescriptorTag: