* Clean up some potential buffer overruns. (SF bug #3536546)

2012-06-26 18:13:48 +00:00 · 2012-06-26 18:13:48 +00:00 · cf8ddddcce
commit cf8ddddcce
parent ba162fc082
1 changed files with 27 additions and 49 deletions
--- a/scanner.c
+++ b/scanner.c
@ -114,7 +114,6 @@ insert_container(const char * item, const char * rootParent, const char * refID,
 	char *result;
 	char *base;
 	int ret = 0;
-	sqlite_int64 detailID = 0;

 	result = sql_get_text_field(db, "SELECT OBJECT_ID from OBJECTS o "
 	                                "left join DETAILS d on (o.DETAIL_ID = d.ID)"
@ -134,6 +133,7 @@ insert_container(const char * item, const char * rootParent, const char * refID,
 	}
 	else
 	{
+		sqlite_int64 detailID = 0;
 		*objectID = 0;
 		*parentID = get_next_available_id("OBJECTS", rootParent);
 		if( refID )
@ -168,8 +168,7 @@ insert_containers(const char * name, const char *path, const char * refID, const

 	if( strstr(class, "imageItem") )
 	{
-		char *date = NULL, *cam = NULL;
-		char date_taken[13], camera[64];
+		char *date_taken = NULL, *camera = NULL;
 		static struct virtual_item last_date;
 		static struct virtual_item last_cam;
 		static struct virtual_item last_camdate;
@ -179,19 +178,16 @@ insert_containers(const char * name, const char *path, const char * refID, const
 		ret = sql_get_table(db, sql, &result, &row, &cols);
 		if( ret == SQLITE_OK )
 		{
-			date = result[2];
-			cam = result[3];
+			date_taken = result[2];
+			camera = result[3];
 		}
-
-		if( date )
-		{
-			strncpy(date_taken, date, 10);
+		if( date_taken )
 			date_taken[10] = '\0';
-		}
 		else
-		{
-			strcpy(date_taken, _("Unknown Date"));
-		}
+			date_taken = _("Unknown Date");
+		if( !camera )
+			camera = _("Unknown Camera");
+
 		if( valid_cache && strcmp(last_date.name, date_taken) == 0 )
 		{
 			last_date.objectID++;
@ -202,7 +198,7 @@ insert_containers(const char * name, const char *path, const char * refID, const
 			insert_container(date_taken, IMAGE_DATE_ID, NULL, "album.photoAlbum", NULL, NULL, NULL, &objectID, &parentID);
 			sprintf(last_date.parentID, IMAGE_DATE_ID"$%llX", parentID);
 			last_date.objectID = objectID;
-			strcpy(last_date.name, date_taken);
+			strncpyt(last_date.name, date_taken, sizeof(last_date.name));
 			//DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached date item: %s/%s/%X\n", last_date.name, last_date.parentID, last_date.objectID);
 		}
 		sql_exec(db, "INSERT into OBJECTS"
@ -211,20 +207,12 @@ insert_containers(const char * name, const char *path, const char * refID, const
 		             " ('%s$%llX', '%s', '%s', '%s', %lld, %Q)",
 		             last_date.parentID, last_date.objectID, last_date.parentID, refID, class, detailID, name);

-		if( cam )
-		{
-			strncpy(camera, cam, 63);
-			camera[63] = '\0';
-		}
-		else
-		{
-			strcpy(camera, _("Unknown Camera"));
-		}
 		if( !valid_cache || strcmp(camera, last_cam.name) != 0 )
 		{
 			insert_container(camera, IMAGE_CAMERA_ID, NULL, "storageFolder", NULL, NULL, NULL, &objectID, &parentID);
 			sprintf(last_cam.parentID, IMAGE_CAMERA_ID"$%llX", parentID);
-			strncpy(last_cam.name, camera, 255);
+			strncpyt(last_cam.name, camera, sizeof(last_cam.name));
+			/* Invalidate last_camdate cache */
 			last_camdate.name[0] = '\0';
 		}
 		if( valid_cache && strcmp(last_camdate.name, date_taken) == 0 )
@ -237,7 +225,7 @@ insert_containers(const char * name, const char *path, const char * refID, const
 			insert_container(date_taken, last_cam.parentID, NULL, "album.photoAlbum", NULL, NULL, NULL, &objectID, &parentID);
 			sprintf(last_camdate.parentID, "%s$%llX", last_cam.parentID, parentID);
 			last_camdate.objectID = objectID;
-			strcpy(last_camdate.name, date_taken);
+			strncpyt(last_camdate.name, date_taken, sizeof(last_camdate.name));
 			//DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached camdate item: %s/%s/%s/%X\n", camera, last_camdate.name, last_camdate.parentID, last_camdate.objectID);
 		}
 		sql_exec(db, "INSERT into OBJECTS"
@ -287,7 +275,7 @@ insert_containers(const char * name, const char *path, const char * refID, const
 			}
 			else
 			{
-				strcpy(last_album.name, album);
+				strncpyt(last_album.name, album, sizeof(last_album.name));
 				insert_container(album, MUSIC_ALBUM_ID, NULL, "album.musicAlbum", artist, genre, album_art, &objectID, &parentID);
 				sprintf(last_album.parentID, MUSIC_ALBUM_ID"$%llX", parentID);
 				last_album.objectID = objectID;
@ -305,7 +293,7 @@ insert_containers(const char * name, const char *path, const char * refID, const
 			{
 				insert_container(artist, MUSIC_ARTIST_ID, NULL, "person.musicArtist", NULL, genre, NULL, &objectID, &parentID);
 				sprintf(last_artist.parentID, MUSIC_ARTIST_ID"$%llX", parentID);
-				strcpy(last_artist.name, artist);
+				strncpyt(last_artist.name, artist, sizeof(last_artist.name));
 				last_artistAlbum.name[0] = '\0';
 				/* Add this file to the "- All Albums -" container as well */
 				insert_container(_("- All Albums -"), last_artist.parentID, NULL, "album", artist, genre, NULL, &objectID, &parentID);
@ -327,7 +315,7 @@ insert_containers(const char * name, const char *path, const char * refID, const
 				                 "album.musicAlbum", artist, genre, album_art, &objectID, &parentID);
 				sprintf(last_artistAlbum.parentID, "%s$%llX", last_artist.parentID, parentID);
 				last_artistAlbum.objectID = objectID;
-				strcpy(last_artistAlbum.name, album?album:_("Unknown Album"));
+				strncpyt(last_artistAlbum.name, album ? album : _("Unknown Album"), sizeof(last_artistAlbum.name));
 				//DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached artist/album item: %s/%s/%X\n", last_artist.name, last_artist.parentID, last_artist.objectID);
 			}
 			sql_exec(db, "INSERT into OBJECTS"
@ -347,8 +335,7 @@ insert_containers(const char * name, const char *path, const char * refID, const
 			{
 				insert_container(genre, MUSIC_GENRE_ID, NULL, "genre.musicGenre", NULL, NULL, NULL, &objectID, &parentID);
 				sprintf(last_genre.parentID, MUSIC_GENRE_ID"$%llX", parentID);
-				strcpy(last_genre.name, genre);
-				last_genreArtist.name[0] = '\0';
+				strncpyt(last_genre.name, genre, sizeof(last_genre.name));
 				/* Add this file to the "- All Artists -" container as well */
 				insert_container(_("- All Artists -"), last_genre.parentID, NULL, "person", NULL, genre, NULL, &objectID, &parentID);
 				sprintf(last_genreArtistAll.parentID, "%s$%llX", last_genre.parentID, parentID);
@ -368,7 +355,7 @@ insert_containers(const char * name, const char *path, const char * refID, const
 				                 "person.musicArtist", NULL, genre, NULL, &objectID, &parentID);
 				sprintf(last_genreArtist.parentID, "%s$%llX", last_genre.parentID, parentID);
 				last_genreArtist.objectID = objectID;
-				strcpy(last_genreArtist.name, artist?artist:_("Unknown Artist"));
+				strncpyt(last_genreArtist.name, artist ? artist : _("Unknown Artist"), sizeof(last_genreArtist.name));
 				//DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached genre/artist item: %s/%s/%X\n", last_genreArtist.name, last_genreArtist.parentID, last_genreArtist.objectID);
 			}
 			sql_exec(db, "INSERT into OBJECTS"
@ -420,25 +407,20 @@ insert_containers(const char * name, const char *path, const char * refID, const
 int
 insert_directory(const char * name, const char * path, const char * base, const char * parentID, int objectID)
 {
-	int found = 0;
 	sqlite_int64 detailID = 0;
-	char * refID = NULL;
 	char class[] = "container.storageFolder";
 	char *result, *p;
 	static char last_found[256] = "-1";

 	if( strcmp(base, BROWSEDIR_ID) != 0 )
 	{
-		if( asprintf(&refID, "%s%s$%X", BROWSEDIR_ID, parentID, objectID) == -1 )
-			return 1;
-	}
-
-	if( refID )
-	{
-		char id_buf[64], parent_buf[64];
+		int found = 0;
+		char id_buf[64], parent_buf[64], refID[64];
 		char *dir_buf, *dir;
+
 		dir_buf = strdup(path);
 		dir = dirname(dir_buf);
+		snprintf(refID, sizeof(refID), "%s%s$%X", BROWSEDIR_ID, parentID, objectID);
 		snprintf(id_buf, sizeof(id_buf), "%s%s$%X", base, parentID, objectID);
 		snprintf(parent_buf, sizeof(parent_buf), "%s%s", base, parentID);
 		while( !found )
@ -470,19 +452,16 @@ insert_directory(const char * name, const char * path, const char * base, const
 				*p = '\0';
 			dir = dirname(dir);
 		}
-		free(refID);
 		free(dir_buf);
 		return 0;
 	}

 	detailID = GetFolderMetadata(name, path, NULL, NULL, find_album_art(path, NULL, 0));
 	sql_exec(db, "INSERT into OBJECTS"
-	             " (OBJECT_ID, PARENT_ID, REF_ID, DETAIL_ID, CLASS, NAME) "
+	             " (OBJECT_ID, PARENT_ID, DETAIL_ID, CLASS, NAME) "
 	             "VALUES"
-	             " ('%s%s$%X', '%s%s', %Q, %lld, '%s', '%q')",
-	             base, parentID, objectID, base, parentID, refID, detailID, class, name);
-	free(refID);
-
+	             " ('%s%s$%X', '%s%s', %lld, '%s', '%q')",
+	             base, parentID, objectID, base, parentID, detailID, class, name);
 	return 0;
 }

@ -494,7 +473,6 @@ insert_file(char * name, const char * path, const char * parentID, int object)
 	sqlite_int64 detailID = 0;
 	char base[8];
 	char * typedir_parentID;
-	int typedir_objectID;
 	char * baseid;
 	char * orig_name = NULL;

@ -543,7 +521,7 @@ insert_file(char * name, const char * path, const char * parentID, int object)

 	if( *parentID )
 	{
-		typedir_objectID = 0;
+		int typedir_objectID = 0;
 		typedir_parentID = strdup(parentID);
 		baseid = strrchr(typedir_parentID, '$');
 		if( baseid )
@ -794,7 +772,7 @@ start_scanner()
 	av_log_set_level(AV_LOG_PANIC);
 	while( media_path )
 	{
-		strncpy(name, media_path->path, sizeof(name));
+		strncpyt(name, media_path->path, sizeof(name));
 		GetFolderMetadata(basename(name), media_path->path, NULL, NULL, 0);
 		ScanDirectory(media_path->path, NULL, media_path->type);
 		media_path = media_path->next;