summaryrefslogtreecommitdiff
path: root/applications
diff options
context:
space:
mode:
Diffstat (limited to 'applications')
-rw-r--r--applications/mp4box/fileimport.c20
-rw-r--r--applications/mp4client/main.c33
2 files changed, 49 insertions, 4 deletions
diff --git a/applications/mp4box/fileimport.c b/applications/mp4box/fileimport.c
index 437110b..e719924 100644
--- a/applications/mp4box/fileimport.c
+++ b/applications/mp4box/fileimport.c
@@ -2247,17 +2247,33 @@ GF_Err cat_multiple_files(GF_ISOFile *dest, char *fileName, u32 import_flags, Do
cat_enum.align_timelines = align_timelines;
cat_enum.allow_add_in_command = allow_add_in_command;
+ if (strlen(fileName) >= sizeof(cat_enum.szPath)) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("File name %s is too long.\n", fileName));
+ return GF_NOT_SUPPORTED;
+ }
strcpy(cat_enum.szPath, fileName);
sep = strrchr(cat_enum.szPath, GF_PATH_SEPARATOR);
if (!sep) sep = strrchr(cat_enum.szPath, '/');
if (!sep) {
strcpy(cat_enum.szPath, ".");
+ if (strlen(fileName) >= sizeof(cat_enum.szRad1)) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("File name %s is too long.\n", fileName));
+ return GF_NOT_SUPPORTED;
+ }
strcpy(cat_enum.szRad1, fileName);
} else {
+ if (strlen(sep + 1) >= sizeof(cat_enum.szRad1)) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("File name %s is too long.\n", (sep + 1)));
+ return GF_NOT_SUPPORTED;
+ }
strcpy(cat_enum.szRad1, sep+1);
sep[0] = 0;
}
sep = strchr(cat_enum.szRad1, '*');
+ if (strlen(sep + 1) >= sizeof(cat_enum.szRad2)) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("File name %s is too long.\n", (sep + 1)));
+ return GF_NOT_SUPPORTED;
+ }
strcpy(cat_enum.szRad2, sep+1);
sep[0] = 0;
sep = strchr(cat_enum.szRad2, '%');
@@ -2265,6 +2281,10 @@ GF_Err cat_multiple_files(GF_ISOFile *dest, char *fileName, u32 import_flags, Do
if (!sep) sep = strchr(cat_enum.szRad2, ':');
strcpy(cat_enum.szOpt, "");
if (sep) {
+ if (strlen(sep) >= sizeof(cat_enum.szOpt)) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("Invalid option: %s.\n", sep));
+ return GF_NOT_SUPPORTED;
+ }
strcpy(cat_enum.szOpt, sep);
sep[0] = 0;
}
diff --git a/applications/mp4client/main.c b/applications/mp4client/main.c
index 397bf6c..63b4651 100644
--- a/applications/mp4client/main.c
+++ b/applications/mp4client/main.c
@@ -900,7 +900,8 @@ Bool GPAC_EventProc(void *ptr, GF_Event *evt)
break;
case GF_EVENT_NAVIGATE:
if (gf_term_is_supported_url(term, evt->navigate.to_url, 1, no_mime_check)) {
- strcpy(the_url, evt->navigate.to_url);
+ strncpy(the_url, evt->navigate.to_url, sizeof(the_url)-1);
+ the_url[sizeof(the_url) - 1] = 0;
fprintf(stderr, "Navigating to URL %s\n", the_url);
gf_term_navigate_to(term, evt->navigate.to_url);
return 1;
@@ -1089,6 +1090,11 @@ void set_cfg_option(char *opt_string)
}
{
const size_t sepIdx = sep - opt_string;
+ if (sepIdx >= sizeof(szSec)) {
+ fprintf(stderr, "Badly formatted option %s - Section name is too long\n", opt_string);
+ return;
+ }
+
strncpy(szSec, opt_string, sepIdx);
szSec[sepIdx] = 0;
}
@@ -1100,8 +1106,16 @@ void set_cfg_option(char *opt_string)
}
{
const size_t sepIdx = sep2 - sep;
+ if (sepIdx >= sizeof(szKey)) {
+ fprintf(stderr, "Badly formatted option %s - key name is too long\n", opt_string);
+ return;
+ }
strncpy(szKey, sep, sepIdx);
szKey[sepIdx] = 0;
+ if (strlen(sep2 + 1) >= sizeof(szVal)) {
+ fprintf(stderr, "Badly formatted option %s - value is too long\n", opt_string);
+ return;
+ }
strcpy(szVal, sep2+1);
}
@@ -1656,7 +1670,14 @@ int mp4client_main(int argc, char **argv)
else if (!gui_mode && url_arg) {
char *ext;
- strcpy(the_url, url_arg);
+ if (strlen(url_arg) >= sizeof(the_url)) {
+ fprintf(stderr, "Input url %s is too long, truncating to %d chars.\n", url_arg, (int)(sizeof(the_url) - 1));
+ strncpy(the_url, url_arg, sizeof(the_url)-1);
+ the_url[sizeof(the_url) - 1] = 0;
+ }
+ else {
+ strcpy(the_url, url_arg);
+ }
ext = strrchr(the_url, '.');
if (ext && (!stricmp(ext, ".m3u") || !stricmp(ext, ".pls"))) {
GF_Err e = GF_OK;
@@ -1668,7 +1689,10 @@ int mp4client_main(int argc, char **argv)
GF_DownloadSession *sess = gf_dm_sess_new(term->downloader, the_url, GF_NETIO_SESSION_NOT_THREADED, NULL, NULL, &e);
if (sess) {
e = gf_dm_sess_process(sess);
- if (!e) strcpy(the_url, gf_dm_sess_get_cache_name(sess));
+ if (!e) {
+ strncpy(the_url, gf_dm_sess_get_cache_name(sess), sizeof(the_url) - 1);
+ the_url[sizeof(the_cfg) - 1] = 0;
+ }
gf_dm_sess_del(sess);
}
}
@@ -1691,7 +1715,8 @@ int mp4client_main(int argc, char **argv)
fprintf(stderr, "Hit 'h' for help\n\n");
str = gf_cfg_get_key(cfg_file, "General", "StartupFile");
if (str) {
- strcpy(the_url, "MP4Client "GPAC_FULL_VERSION);
+ strncpy(the_url, "MP4Client "GPAC_FULL_VERSION , sizeof(the_url)-1);
+ the_url[sizeof(the_url) - 1] = 0;
gf_term_connect(term, str);
startup_file = 1;
is_connected = 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 20:35:40 +0000