Commit bbdf0d22 authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files

Make sure we dont write more bytes into filename than the array is long.

just a precaution in case the size of the source array is increased or
made dynamically allocateable.

Originally committed as revision 21926 to svn://
parent 6a245905
......@@ -1580,7 +1580,7 @@ static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
/* compose filename if next level down to target was found */
if (i == ref->nlvl_to - 1) {
if (i == ref->nlvl_to - 1 && src_path - src < sizeof(filename)) {
memcpy(filename, src, src_path - src);
filename[src_path - src] = 0;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment