diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c
index 6b5e07b..4b49222 100644 (file)
--- a/modules/demux/asf/libasf.c
+++ b/modules/demux/asf/libasf.c
@@ -1471,10 +1471,9 @@ static const struct
 
 
 static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
-                                 asf_object_common_t *p_node, int i_level )
+                                 asf_object_common_t *p_node, unsigned i_level )
 {
-    char str[1024];
-    int i;
+    unsigned i;
     union asf_object_u *p_child;
     const char *psz_name;
 
@@ -1487,12 +1486,16 @@ static void ASF_ObjectDumpDebug( vlc_object_t *p_obj,
     }
     psz_name = ASF_ObjectDumpDebugInfo[i].psz_name;
 
+    char str[512];
+    if( i_level * 5 + 1 >= sizeof(str) )
+        return;
+
     memset( str, ' ', sizeof( str ) );
     for( i = 1; i < i_level; i++ )
     {
         str[i * 5] = '|';
     }
-    snprintf( str + 5*i_level, 1024,
+    snprintf( &str[5*i_level], sizeof(str) - 5*i_level,
              "+ '%s' GUID "GUID_FMT" size:%"PRIu64"pos:%"PRIu64,
              psz_name,
              GUID_PRINT( p_node->i_object_id ),
diff --git a/modules/demux/avi/libavi.c b/modules/demux/avi/libavi.c
index ad65ecb..ffbb3f9 100644 (file)
--- a/modules/demux/avi/libavi.c
+++ b/modules/demux/avi/libavi.c
@@ -795,12 +795,15 @@ void _AVI_ChunkFree( stream_t *s,
 }
 
 static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
-                                      avi_chunk_t  *p_chk, int i_level )
+                                      avi_chunk_t  *p_chk, unsigned i_level )
 {
-    char str[1024];
-    int i;
+    unsigned i;
     avi_chunk_t *p_child;
 
+    char str[512];
+    if( i_level * 5 + 1 >= sizeof(str) )
+        return;
+
     memset( str, ' ', sizeof( str ) );
     for( i = 1; i < i_level; i++ )
     {
@@ -810,7 +813,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
         p_chk->common.i_chunk_fourcc == AVIFOURCC_ON2  ||
         p_chk->common.i_chunk_fourcc == AVIFOURCC_LIST )
     {
-        sprintf( str + i_level * 5,
+        snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
                  "%c %4.4s-%4.4s size:%"PRIu64" pos:%"PRIu64,
                  i_level ? '+' : '*',
                  (char*)&p_chk->common.i_chunk_fourcc,
@@ -820,7 +823,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
     }
     else
     {
-        sprintf( str + i_level * 5,
+        snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
                  "+ %4.4s size:%"PRIu64" pos:%"PRIu64,
                  (char*)&p_chk->common.i_chunk_fourcc,
                  p_chk->common.i_chunk_size,
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 8df00de..f8869a5 100644 (file)
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -2876,18 +2876,24 @@ static void __MP4_BoxDumpStructure( stream_t *s,
     }
     else
     {
-        char str[512];
         unsigned int i;
-        memset( str, (uint8_t)' ', 512 );
+
+        char str[512];
+        if( i_level * 5 + 1 >= sizeof(str) )
+            return;
+
+        memset( str, ' ', sizeof(str) );
         for( i = 0; i < i_level; i++ )
         {
             str[i*5] = '|';
         }
-        if MP4_BOX_TYPE_ASCII()
-            sprintf( str + i_level * 5, "+ %4.4s size %d",
+        if( MP4_BOX_TYPE_ASCII() )
+            snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
+                      "+ %4.4s size %d",
                         (char*)&p_box->i_type, (uint32_t)p_box->i_size );
         else
-            sprintf( str + i_level * 5, "+ c%3.3s size %d",
+            snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
+                      "+ c%3.3s size %d",
                         (char*)&p_box->i_type+1, (uint32_t)p_box->i_size );
         msg_Dbg( s, "%s", str );
     }