Mercurial Mercurial > premiereepg / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | bz2 | gz | help
fix buffer overrun in string compose trunk
authornathan
Sun, 01 Jun 2008 16:08:01 +0800
branchtrunk
changeset 260953c008ab80
parent 25 f0ca0c236cfc
child 27 3465e430299f
fix buffer overrun in string compose
premiereepg.c file | annotate | diff | comparison | revisions 
     1.1 --- a/premiereepg.c	Thu May 29 06:26:13 2008 +0800
     1.2 +++ b/premiereepg.c	Sun Jun 01 16:08:01 2008 +0800
     1.3 @@ -23,6 +23,7 @@
     1.4   * Or, point your browser to http://www.gnu.org/copyleft/gpl.html
     1.5   */
     1.6  
     1.7 +#include <stdarg.h>
     1.8  #include <vdr/plugin.h>
     1.9  #include <vdr/filter.h>
    1.10  #include <vdr/epg.h>
    1.11 @@ -138,6 +139,42 @@
    1.12    return crc&0xFFFF;
    1.13  }
    1.14  
    1.15 +// --- cStrBuff ----------------------------------------------------------------
    1.16 +
    1.17 +class cStrBuff {
    1.18 +private:
    1.19 +  char *buff;
    1.20 +  int size, pos;
    1.21 +public:
    1.22 +  cStrBuff(int Size);
    1.23 +  ~cStrBuff();
    1.24 +  void Printf(const char *fmt, ...) __attribute__ ((format (printf,2,3)));
    1.25 +  char *Buff(void) { return (buff && pos>0) ? strdup(buff):0; }
    1.26 +  };
    1.27 +
    1.28 +cStrBuff::cStrBuff(int Size)
    1.29 +{
    1.30 +  size=Size; pos=0;
    1.31 +  buff=MALLOC(char,size);
    1.32 +}
    1.33 +
    1.34 +cStrBuff::~cStrBuff()
    1.35 +{
    1.36 +  free(buff);
    1.37 +}
    1.38 +
    1.39 +void cStrBuff::Printf(const char *fmt, ...)
    1.40 +{
    1.41 +  int s=size-pos;
    1.42 +  if(buff && s>0) {
    1.43 +    va_list ap;
    1.44 +    va_start(ap,fmt);
    1.45 +    int q=vsnprintf(buff+pos,s,fmt,ap);
    1.46 +    va_end(ap);
    1.47 +    if(q>0) pos+=q;
    1.48 +    }
    1.49 +}
    1.50 +
    1.51  // --- cFilterPremiereEpg ------------------------------------------------------
    1.52  
    1.53  #define STARTTIME_BIAS (20*60)
    1.54 @@ -283,27 +320,25 @@
    1.55                    trNOOP("SMS"),
    1.56                    trNOOP("WWW")
    1.57                    };
    1.58 -                char buff[2048];
    1.59 -                int p=0;
    1.60 +                cStrBuff str(1024);
    1.61                  const unsigned char *data=d->getData().getData()+2;
    1.62                  for(int i=0; i<5; i++) {
    1.63                    int l=data[0]; 
    1.64 -                  if(l>0) p+=snprintf(&buff[p],sizeof(buff)-p,"\n%s: %.*s",tr(text[i]),l,&data[1]);
    1.65 +                  if(l>0) str.Printf("\n%s: %.*s",tr(text[i]),l,&data[1]);
    1.66                    data+=l+1;
    1.67                    }
    1.68 -                if(p>0) order=strdup(buff);
    1.69 +                order=str.Buff();
    1.70                  }
    1.71                break;
    1.72              case 0xF1: // parental rating
    1.73                if(SetupPE.RatingInfo) {
    1.74 -                char buff[2048];
    1.75 -                int p=0;
    1.76 +                cStrBuff str(1024);
    1.77                  const unsigned char *data=d->getData().getData()+2;
    1.78 -                p+=snprintf(&buff[p],sizeof(buff)-p,"\n%s: %d %s",tr("Rating"),data[0]+3,tr("years"));
    1.79 +                str.Printf("\n%s: %d %s",tr("Rating"),data[0]+3,tr("years"));
    1.80                  data+=7;
    1.81                  int l=data[0]; 
    1.82 -                if(l>0) p+=snprintf(&buff[p],sizeof(buff)-p," (%.*s)",l,&data[1]);
    1.83 -                if(p>0) rating=strdup(buff);
    1.84 +                if(l>0) str.Printf(" (%.*s)",l,&data[1]);
    1.85 +                rating=str.Buff();
    1.86                  }
    1.87                break;
    1.88              case SI::PremiereContentTransmissionDescriptorTag:
premiereepg