Changeset |
Partially re-add the secure coding aspects of 10806 (which was rolled back in 10857). Fundamentally, the code in theora_open is written in a non-secure manner prior to this fix. That the callers currently appear per Goober to use it correctly is not the issue. There is no way of enforcing that contract as to length of the string unless it is internally handled in the function. Also Goober's comment that all callers use string lengths of MAX_FILENAME_LEN is incorrect. Examples trivially found that use the separate define NAME_LENGTH, which could be changed in future. |