From 5073d2736d6a83de04e749ae5952071da3d1ccbc Mon Sep 17 00:00:00 2001

From: Tomas Bzatek <tbzatek@redhat.com>

Date: Tue, 12 May 2009 15:17:06 +0200

Subject: [PATCH 4/4] CDDA: allow query well-formed filenames only

This will check for ".wav" suffix as long as sscanf()

doesn't care of the rest of the formatting string after

last placeholder. Querying filenames like

"Track 10.nonsense" will now throw an error.

Partially fixes https://bugzilla.redhat.com/show_bug.cgi?id=499266

---

 daemon/gvfsbackendcdda.c |    3 ++-

 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/daemon/gvfsbackendcdda.c b/daemon/gvfsbackendcdda.c

index c97aa44..9b30753 100644

--- a/daemon/gvfsbackendcdda.c

+++ b/daemon/gvfsbackendcdda.c

@@ -460,7 +460,8 @@ get_track_num_from_name (GVfsBackendCdda *cdda_backend, const char *filename)

   char *basename;

   basename = g_path_get_basename (filename);

-  if (sscanf (basename, "Track %d.wav", &n) == 1)

+  if (sscanf (basename, "Track %d.wav", &n) == 1 &&

+      g_str_has_suffix (basename, ".wav"))

     {

       g_free (basename);

       return n;

-- 

1.6.2.2