Security flaws in FAPG 0.41 and related patches

[FAPG] / fapg.c

diff --git a/fapg.c b/fapg.c
index 38a27bf..0c72af8 100644 (file)
--- a/fapg.c
+++ b/fapg.c
@@ -43,7 +43,7 @@
 
 #define MP3_BASE 1024
 #define OGG_BASE 1024*10
-#define MAX 1024*200            /* 200ko for ID3 with JPEG images in it */
+#define MAX 1024*250            /* 250ko for ID3 with JPEG images in it */
 
 #define FORMAT_M3U 0
 #define FORMAT_PLS 1
@@ -425,7 +425,7 @@ void print_webpath(const char *path)
 {
     const char *c = path;
 
-    printf(prefix);             /* we must not modify this part */
+    printf("%s", prefix);             /* we must not modify this part */
     if(*c == '.' && c[1] == '/') {      /* remove leading "./" when parsing current directory */
         c += 2;
         /* maybe there follow many slashes */
@@ -443,7 +443,7 @@ void print_webpath(const char *path)
 void print_path(const char *path)
 {
     const char *c = path;
-    printf(prefix);
+    printf("%s", prefix);
     /* skip leading "./" when parsing current directory */
     if(*c == '.' && *(c + 1) == '/') {
         c += 2;
@@ -500,7 +500,6 @@ void reference(const char *title)
     pipe = popen(command, "r");
     if(pipe == NULL) {
         fprintf(stderr, "Warning >> can't open pipe >%s< !\n", command);
-        free(command);
         return;
     }
     fgets(buffer, 1020, pipe);