Windows Potential overflow

jabbera Offline
Junior Member
Posts: 5
Joined: Jul 2012
Reputation: 0
Post: #1
Hi all,

I was taking a peek at the ISO9660 code and found something quite suspicious:

iso9660.cpp:531 memcpy( &m_info.isodir, m_info.iso.szRootDir, sizeof(m_info.isodir));

szRootDir is only 34 bytes and isodir is of type iso9660_Directory which is 545 bytes.

I would patch it but I don't know the exact intention.

Mike
Memphiz Offline
Team-XBMC Developer
Posts: 7,915
Joined: Feb 2011
Reputation: 91
Location: germany
Post: #2
Wow this really looks like bullshit. No clue either what was the intention.

AppleTV2/iPhone/iPod: HowTo find debug logs and everything else which the devs like so much: click here
HowTo setup NFS for XBMC: Wiki NFS
HowTo configure avahi (zeroconf): Wiki Avahi
READ THE IOS FAQ!: iOS FAQ
(This post was last modified: 2012-07-19 10:25 by Memphiz.)
WiSo Offline
Team-XBMC Developer
Posts: 2,508
Joined: Oct 2003
Reputation: 0
Location: Germany
Post: #3
Did you check if it's still in use on win32? Windows can read those discs so we could use hdfile here. But I assume that the iso9660 protocol isn't used any more on win and could be removed.

Always read the XBMC online-manual, FAQ and search the forum before posting.
Do not e-mail XBMC-Team members directly asking for support. Read/follow the forum rules.
For troubleshooting and bug reporting please make sure you read this first.
jabbera Offline
Junior Member
Posts: 5
Joined: Jul 2012
Reputation: 0
Post: #4
Sorry, that just means I was compiling for Windows. I think it's a problem everywhere. I'm trying to figure out how to get XBMC to access an ISO.
(This post was last modified: 2012-07-25 04:32 by jabbera.)
edrikk Offline
Senior Member
Posts: 106
Joined: Jul 2011
Reputation: 2
Post: #5
Well, it wouldn't overflow 'cause it's only copying the correct number of bytes over.
IF the code is being used, my guess is that nobody's noticed because the members referenced in the copy (after the memcpy) are luckily in the first 32 bytes...
(This post was last modified: 2012-07-25 17:43 by edrikk.)
Memphiz Offline
Team-XBMC Developer
Posts: 7,915
Joined: Feb 2011
Reputation: 91
Location: germany
Post: #6
edrikk it would overflow the source buffer ... not the destination ... well not overflow - but bad access...
(This post was last modified: 2012-07-25 22:36 by Memphiz.)
edrikk Offline
Senior Member
Posts: 106
Joined: Jul 2011
Reputation: 2
Post: #7
You're absolutely correct.
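The pattern discussed in posts #1 and #6 (a memcpy sized by a 545-byte destination reading from a 34-byte source), shown as an added example that is not XBMC code and not a patch from the thread. The struct layouts, the names VolumeDesc, DirRecord, overread and bounded_copy, and the choice to zero-fill the remainder are assumptions; only the two sizes come from the thread.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>

// Constructed stand-ins; only the two sizes (34 and 545) come from the thread.
struct VolumeDesc {
    unsigned char szRootDir[34];   // on-disc root directory record
    unsigned char following[600];  // hypothetical neighbouring fields
};
struct DirRecord {                 // stand-in for iso9660_Directory
    unsigned char bytes[545];
};
static_assert(sizeof(DirRecord) == 545, "size quoted in the thread");

// Bytes a memcpy sized by the destination reads past the end of the source.
constexpr std::size_t overread(std::size_t dst_size, std::size_t src_size) {
    return dst_size > src_size ? dst_size - src_size : 0;
}

// Copy at most sizeof(src) bytes and zero the rest of dst, so the result
// never depends on whatever happens to sit after the source array.
template <typename Dst, typename Src, std::size_t N>
std::size_t bounded_copy(Dst &dst, const Src (&src)[N]) {
    const std::size_t n = std::min(sizeof(dst), sizeof(src));
    std::memset(&dst, 0, sizeof(dst));
    std::memcpy(&dst, src, n);
    return n;
}

// Returns true when the copy took 34 bytes and left the tail zeroed.
bool demo_tail_is_zero() {
    VolumeDesc vd;
    std::memset(vd.szRootDir, 0x11, sizeof(vd.szRootDir));
    std::memset(vd.following, 0xEE, sizeof(vd.following)); // sentinel bytes
    DirRecord dir;
    std::memset(&dir, 0xAA, sizeof(dir));
    const std::size_t n = bounded_copy(dir, vd.szRootDir);
    if (n != 34 || dir.bytes[33] != 0x11) return false;
    return std::all_of(dir.bytes + n, dir.bytes + sizeof(dir.bytes),
                       [](unsigned char b) { return b == 0; });
}

int main() { return demo_tail_is_zero() ? 0 : 1; }
```

Taking the source as an array reference keeps its length in the type, so the copy size cannot silently fall back to the destination's size.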