diff mbox

fix plugin arguments corruption

Message ID 201001061311.21633.anssi.hannula@iki.fi
State New
Headers

Commit Message

Anssi Hannula Jan. 6, 2010, 11:11 a.m. UTC 
  VDR uses the construct "strcpy(s, s + 1)" in plugin arguments processing for 
stripping first character of s. However, as per strcpy man page, the source 
and destination strings may not overlap.

There are a couple of ways to fix them, but the attached patch simply changes 
them to "memmove(s, s + 1, strlen(s))". The patch applies both to 1.7.10 and 
1.6.0.

This fixes plugin arguments corruption with glibc 2.11 on x86_64.
diff mbox

Patch

Index: vdr-1.7.10/plugin.c
===================================================================
--- vdr-1.7.10/plugin.c
+++ vdr-1.7.10/plugin.c	2010-01-06 12:47:43.396957257 +0200
@@ -172,15 +172,15 @@ 
 static char *SkipQuote(char *s)
 {
   char c = *s;
-  strcpy(s, s + 1);
+  memmove(s, s + 1, strlen(s));
   while (*s && *s != c) {
         if (*s == '\\')
-           strcpy(s, s + 1);
+           memmove(s, s + 1, strlen(s));
         if (*s)
            s++;
         }
   if (*s) {
-     strcpy(s, s + 1);
+     memmove(s, s + 1, strlen(s));
      return s;
      }
   esyslog("ERROR: missing closing %c", c);
@@ -215,7 +215,7 @@ 
               if (!q)
                  q = p;
               switch (*p) {
-                case '\\': strcpy(p, p + 1);
+                case '\\': memmove(p, p + 1, strlen(p));
                            if (*p)
                               p++;
                            else {