[Libcdio-devel] [PATCH] Fix segfault when calling cd-drive with a short
From: Diego 'Flameeyes' Pettenò
Subject: [Libcdio-devel] [PATCH] Fix segfault when calling cd-drive with a short name
Date: Sun, 12 Feb 2006 03:48:13 +0100
User-agent: KMail/1.9.1

I found this problem quite casually while trying to see if the FreeBSD support
worked on DragonFly.

Basically when the nrg drive is built, and you call one of the programs in the
suite with a short name (one or two characters), it segfaults. The problem is
that the cdio_is_nrg() function tries to access memory after the end of the
string without checking for its length before (yes, there's a check for i
to be greater than 0, but being an unsigned int, it can't really become
less than 0).

The attached patch solves the problem by changing the code: instead of doing a
manual check on the last three characters, it first checks the length of the
string, making sure it's at least 4 characters (".nrg"), then checks if the
last three characters are "nrg" with strncasecmp().

This is safe from segfaults... still, probably libmagic could help a bit more on
checking if a file is actually an nrg image :)

--
Diego "Flameeyes" Pettenò - http://dev.gentoo.org/~flameeyes/
Gentoo/ALT lead, Gentoo/FreeBSD, Video, AMD64, Sound, PAM, KDE
libcdio-0.76-nrg-crash.patch
Description: Text Data
pgp7parF_ZQ8Q.pgp
Description: PGP signature
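
An added example, not part of the original message and not the attached patch or libcdio's own code: a length-checked suffix test in the style the message describes, next to the unsigned wrap-around that defeats an "i > 0" guard. The function names and the way the unchecked offset is computed are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>  /* strncasecmp() (POSIX) */

/* Hypothetical helper: the offset an unchecked "last three characters"
 * test would start reading from. The type is unsigned, so for names
 * shorter than 3 characters the subtraction wraps to a huge value
 * instead of going negative, and a later "offset > 0" test still passes. */
static size_t unchecked_suffix_offset(const char *name)
{
    return strlen(name) - 3;  /* wraps around when strlen(name) < 3 */
}

/* Length-checked test following the approach in the message: require at
 * least 4 characters (".nrg"), then compare the last three to "nrg"
 * case-insensitively. Returns 1 on match, 0 otherwise. */
static int has_nrg_suffix(const char *name)
{
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len < 4)
        return 0;             /* too short: never index before the start */
    return strncasecmp(name + len - 3, "nrg", 3) == 0;
}

int main(void)
{
    /* Constructed sample names, including one- and two-character ones. */
    const char *samples[] = { "", "a", "cd", "nrg", ".nrg",
                              "image.NRG", "image.iso" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\": unchecked offset=%zu, nrg=%d\n", samples[i],
               unchecked_suffix_offset(samples[i]),
               has_nrg_suffix(samples[i]));
    return 0;
}
```

For the one- and two-character names the unchecked offset prints as a value far larger than the string length, which is the out-of-bounds access the length check prevents.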