From cf8ddddcce8842344626efc1fc9f0fc89758ed76 Mon Sep 17 00:00:00 2001 From: Justin Maggard Date: Tue, 26 Jun 2012 18:13:48 +0000 Subject: [PATCH] * Clean up some potential buffer overruns. (SF bug #3536546) --- scanner.c | 76 ++++++++++++++++++++----------------------------------- 1 file changed, 27 insertions(+), 49 deletions(-) diff --git a/scanner.c b/scanner.c index 3196e8f..f01cb01 100644 --- a/scanner.c +++ b/scanner.c @@ -114,7 +114,6 @@ insert_container(const char * item, const char * rootParent, const char * refID, char *result; char *base; int ret = 0; - sqlite_int64 detailID = 0; result = sql_get_text_field(db, "SELECT OBJECT_ID from OBJECTS o " "left join DETAILS d on (o.DETAIL_ID = d.ID)" @@ -134,6 +133,7 @@ insert_container(const char * item, const char * rootParent, const char * refID, } else { + sqlite_int64 detailID = 0; *objectID = 0; *parentID = get_next_available_id("OBJECTS", rootParent); if( refID ) @@ -168,8 +168,7 @@ insert_containers(const char * name, const char *path, const char * refID, const if( strstr(class, "imageItem") ) { - char *date = NULL, *cam = NULL; - char date_taken[13], camera[64]; + char *date_taken = NULL, *camera = NULL; static struct virtual_item last_date; static struct virtual_item last_cam; static struct virtual_item last_camdate; @@ -179,19 +178,16 @@ insert_containers(const char * name, const char *path, const char * refID, const ret = sql_get_table(db, sql, &result, &row, &cols); if( ret == SQLITE_OK ) { - date = result[2]; - cam = result[3]; + date_taken = result[2]; + camera = result[3]; } - - if( date ) - { - strncpy(date_taken, date, 10); + if( date_taken ) date_taken[10] = '\0'; - } else - { - strcpy(date_taken, _("Unknown Date")); - } + date_taken = _("Unknown Date"); + if( !camera ) + camera = _("Unknown Camera"); + if( valid_cache && strcmp(last_date.name, date_taken) == 0 ) { last_date.objectID++; @@ -202,7 +198,7 @@ insert_containers(const char * name, const char *path, const char * refID, const insert_container(date_taken, IMAGE_DATE_ID, NULL, "album.photoAlbum", NULL, NULL, NULL, &objectID, &parentID); sprintf(last_date.parentID, IMAGE_DATE_ID"$%llX", parentID); last_date.objectID = objectID; - strcpy(last_date.name, date_taken); + strncpyt(last_date.name, date_taken, sizeof(last_date.name)); //DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached date item: %s/%s/%X\n", last_date.name, last_date.parentID, last_date.objectID); } sql_exec(db, "INSERT into OBJECTS" @@ -211,20 +207,12 @@ insert_containers(const char * name, const char *path, const char * refID, const " ('%s$%llX', '%s', '%s', '%s', %lld, %Q)", last_date.parentID, last_date.objectID, last_date.parentID, refID, class, detailID, name); - if( cam ) - { - strncpy(camera, cam, 63); - camera[63] = '\0'; - } - else - { - strcpy(camera, _("Unknown Camera")); - } if( !valid_cache || strcmp(camera, last_cam.name) != 0 ) { insert_container(camera, IMAGE_CAMERA_ID, NULL, "storageFolder", NULL, NULL, NULL, &objectID, &parentID); sprintf(last_cam.parentID, IMAGE_CAMERA_ID"$%llX", parentID); - strncpy(last_cam.name, camera, 255); + strncpyt(last_cam.name, camera, sizeof(last_cam.name)); + /* Invalidate last_camdate cache */ last_camdate.name[0] = '\0'; } if( valid_cache && strcmp(last_camdate.name, date_taken) == 0 ) @@ -237,7 +225,7 @@ insert_containers(const char * name, const char *path, const char * refID, const insert_container(date_taken, last_cam.parentID, NULL, "album.photoAlbum", NULL, NULL, NULL, &objectID, &parentID); sprintf(last_camdate.parentID, "%s$%llX", last_cam.parentID, parentID); last_camdate.objectID = objectID; - strcpy(last_camdate.name, date_taken); + strncpyt(last_camdate.name, date_taken, sizeof(last_camdate.name)); //DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached camdate item: %s/%s/%s/%X\n", camera, last_camdate.name, last_camdate.parentID, last_camdate.objectID); } sql_exec(db, "INSERT into OBJECTS" @@ -287,7 +275,7 @@ insert_containers(const char * name, const char *path, const char * refID, const } else { - strcpy(last_album.name, album); + strncpyt(last_album.name, album, sizeof(last_album.name)); insert_container(album, MUSIC_ALBUM_ID, NULL, "album.musicAlbum", artist, genre, album_art, &objectID, &parentID); sprintf(last_album.parentID, MUSIC_ALBUM_ID"$%llX", parentID); last_album.objectID = objectID; @@ -305,7 +293,7 @@ insert_containers(const char * name, const char *path, const char * refID, const { insert_container(artist, MUSIC_ARTIST_ID, NULL, "person.musicArtist", NULL, genre, NULL, &objectID, &parentID); sprintf(last_artist.parentID, MUSIC_ARTIST_ID"$%llX", parentID); - strcpy(last_artist.name, artist); + strncpyt(last_artist.name, artist, sizeof(last_artist.name)); last_artistAlbum.name[0] = '\0'; /* Add this file to the "- All Albums -" container as well */ insert_container(_("- All Albums -"), last_artist.parentID, NULL, "album", artist, genre, NULL, &objectID, &parentID); @@ -327,7 +315,7 @@ insert_containers(const char * name, const char *path, const char * refID, const "album.musicAlbum", artist, genre, album_art, &objectID, &parentID); sprintf(last_artistAlbum.parentID, "%s$%llX", last_artist.parentID, parentID); last_artistAlbum.objectID = objectID; - strcpy(last_artistAlbum.name, album?album:_("Unknown Album")); + strncpyt(last_artistAlbum.name, album ? album : _("Unknown Album"), sizeof(last_artistAlbum.name)); //DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached artist/album item: %s/%s/%X\n", last_artist.name, last_artist.parentID, last_artist.objectID); } sql_exec(db, "INSERT into OBJECTS" @@ -347,8 +335,7 @@ insert_containers(const char * name, const char *path, const char * refID, const { insert_container(genre, MUSIC_GENRE_ID, NULL, "genre.musicGenre", NULL, NULL, NULL, &objectID, &parentID); sprintf(last_genre.parentID, MUSIC_GENRE_ID"$%llX", parentID); - strcpy(last_genre.name, genre); - last_genreArtist.name[0] = '\0'; + strncpyt(last_genre.name, genre, sizeof(last_genre.name)); /* Add this file to the "- All Artists -" container as well */ insert_container(_("- All Artists -"), last_genre.parentID, NULL, "person", NULL, genre, NULL, &objectID, &parentID); sprintf(last_genreArtistAll.parentID, "%s$%llX", last_genre.parentID, parentID); @@ -368,7 +355,7 @@ insert_containers(const char * name, const char *path, const char * refID, const "person.musicArtist", NULL, genre, NULL, &objectID, &parentID); sprintf(last_genreArtist.parentID, "%s$%llX", last_genre.parentID, parentID); last_genreArtist.objectID = objectID; - strcpy(last_genreArtist.name, artist?artist:_("Unknown Artist")); + strncpyt(last_genreArtist.name, artist ? artist : _("Unknown Artist"), sizeof(last_genreArtist.name)); //DEBUG DPRINTF(E_DEBUG, L_SCANNER, "Creating cached genre/artist item: %s/%s/%X\n", last_genreArtist.name, last_genreArtist.parentID, last_genreArtist.objectID); } sql_exec(db, "INSERT into OBJECTS" @@ -420,25 +407,20 @@ insert_containers(const char * name, const char *path, const char * refID, const int insert_directory(const char * name, const char * path, const char * base, const char * parentID, int objectID) { - int found = 0; sqlite_int64 detailID = 0; - char * refID = NULL; char class[] = "container.storageFolder"; char *result, *p; static char last_found[256] = "-1"; if( strcmp(base, BROWSEDIR_ID) != 0 ) { - if( asprintf(&refID, "%s%s$%X", BROWSEDIR_ID, parentID, objectID) == -1 ) - return 1; - } - - if( refID ) - { - char id_buf[64], parent_buf[64]; + int found = 0; + char id_buf[64], parent_buf[64], refID[64]; char *dir_buf, *dir; + dir_buf = strdup(path); dir = dirname(dir_buf); + snprintf(refID, sizeof(refID), "%s%s$%X", BROWSEDIR_ID, parentID, objectID); snprintf(id_buf, sizeof(id_buf), "%s%s$%X", base, parentID, objectID); snprintf(parent_buf, sizeof(parent_buf), "%s%s", base, parentID); while( !found ) @@ -470,19 +452,16 @@ insert_directory(const char * name, const char * path, const char * base, const *p = '\0'; dir = dirname(dir); } - free(refID); free(dir_buf); return 0; } detailID = GetFolderMetadata(name, path, NULL, NULL, find_album_art(path, NULL, 0)); sql_exec(db, "INSERT into OBJECTS" - " (OBJECT_ID, PARENT_ID, REF_ID, DETAIL_ID, CLASS, NAME) " + " (OBJECT_ID, PARENT_ID, DETAIL_ID, CLASS, NAME) " "VALUES" - " ('%s%s$%X', '%s%s', %Q, %lld, '%s', '%q')", - base, parentID, objectID, base, parentID, refID, detailID, class, name); - free(refID); - + " ('%s%s$%X', '%s%s', %lld, '%s', '%q')", + base, parentID, objectID, base, parentID, detailID, class, name); return 0; } @@ -494,7 +473,6 @@ insert_file(char * name, const char * path, const char * parentID, int object) sqlite_int64 detailID = 0; char base[8]; char * typedir_parentID; - int typedir_objectID; char * baseid; char * orig_name = NULL; @@ -543,7 +521,7 @@ insert_file(char * name, const char * path, const char * parentID, int object) if( *parentID ) { - typedir_objectID = 0; + int typedir_objectID = 0; typedir_parentID = strdup(parentID); baseid = strrchr(typedir_parentID, '$'); if( baseid ) @@ -794,7 +772,7 @@ start_scanner() av_log_set_level(AV_LOG_PANIC); while( media_path ) { - strncpy(name, media_path->path, sizeof(name)); + strncpyt(name, media_path->path, sizeof(name)); GetFolderMetadata(basename(name), media_path->path, NULL, NULL, 0); ScanDirectory(media_path->path, NULL, media_path->type); media_path = media_path->next;