Home Explore Help
Sign In
Apq
/
obs-studio
mirror of https://github.com/obsproject/obs-studio.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

libobs: prevent crash from unbounded copy and bfree

Restricts the range of the copy to count number of characters.
Changes function to strip wrapping quotes as intended.
Alex Anderson 7 years ago
parent
d8a1398466
commit
7ce217bbc0
1 changed files with 4 additions and 3 deletions
Split View Show Diff Stats
  1. 4 3
      libobs/util/cf-lexer.c

+ 4 - 3
libobs/util/cf-lexer.c
View File 

@@ -76,11 +76,12 @@ char *cf_literal_to_str(const char *literal, size_t count)
 
 	if (literal[0] != '\"' && literal[0] != '\'')
 
 		return NULL;
 
 
-	str = bmalloc(count - 1);
 
-	temp_src = literal;
 
+	/* strip leading and trailing quote characters */
 
+	str = bzalloc(--count);
 
+	temp_src = literal + 1;
 
 	temp_dst = str;
 
 
-	while (*temp_src) {
 
+	while (*temp_src && --count > 0) {
 
 		if (*temp_src == '\\') {
 
 			temp_src++;
 
 			cf_convert_from_escape_literal(&temp_dst, &temp_src);