Index: video2.c =================================================================== --- video2.c (revisiĆ³n: 354) +++ video2.c (copia de trabajo) @@ -204,6 +204,7 @@ in = 0; /* Set the input. */ + memset (&input, 0, sizeof (input)); input.index = in; if (xioctl(s->fd, VIDIOC_ENUMINPUT, &input) == -1) { motion_log(LOG_ERR, 0, "Unable to query input %d.", in); @@ -533,6 +534,7 @@ ctrl->name, ctrl->minimum, ctrl->maximum, ctrl->flags & V4L2_CTRL_FLAG_DISABLED ? "!DISABLED!" : ""); + memset (&control, 0, sizeof (control)); control.id = queried_ctrls[i]; xioctl(s->fd, VIDIOC_G_CTRL, &control); motion_log(LOG_INFO, 0, "\t\"%s\", default %d, current %d", ctrl->name, Index: webhttpd.c =================================================================== --- webhttpd.c (revisiĆ³n: 354) +++ webhttpd.c (copia de trabajo) @@ -311,7 +311,7 @@ int i; struct context **cnt = userdata; - warningkill = sscanf (pointer, "%256[a-z]%c", command , &question); + warningkill = sscanf (pointer, "%255[a-z]%c", command , &question); if (!strcmp(command,"list")) { pointer = pointer + 4; length_uri = length_uri - 4; @@ -416,7 +416,7 @@ if ((length_uri != 0) && (question == '?')) { pointer++; length_uri--; - warningkill = sscanf(pointer,"%256[a-z_]%c", command, &question); + warningkill = sscanf(pointer,"%255[a-z_]%c", command, &question); /*check command , question == '=' length_uri too*/ if ((question == '=') && (command[0]!='\0')) { length_uri = length_uri - strlen(command) - 1; @@ -432,7 +432,7 @@ if (config_params[i].param_name) { if (length_uri > 0) { char Value[1024]={'\0'}; - warningkill = sscanf(pointer,"%1024s", Value); + warningkill = sscanf(pointer,"%1023s", Value); length_uri = length_uri - strlen(Value); if ( (length_uri == 0) && (strlen(Value) > 0) ) { /* FIXME need to assure that is a valid value */ @@ -593,12 +593,12 @@ /* 8 -> query=param_name FIXME minimum length param_name */ pointer++; length_uri--; - warningkill = sscanf(pointer,"%256[a-z]%c", command, &question); + warningkill = sscanf(pointer,"%255[a-z]%c", command, &question); if ( (question == '=') && (!strcmp(command,"query")) ) { pointer = pointer + 6; length_uri = length_uri - 6; - warningkill = sscanf(pointer, "%256[a-z_]", command); + warningkill = sscanf(pointer, "%255[a-z_]", command); /*check if command exist, length_uri too*/ length_uri = length_uri-strlen(command); @@ -755,7 +755,7 @@ char command[256] = {'\0'}; struct context **cnt = userdata; - warningkill = sscanf (pointer, "%256[a-z]" , command); + warningkill = sscanf (pointer, "%255[a-z]" , command); if (!strcmp(command,"makemovie")) { pointer = pointer + 9; length_uri = length_uri - 9; @@ -897,7 +897,7 @@ char command[256]={'\0'}; struct context **cnt=userdata; - warningkill = sscanf (pointer, "%256[a-z]" , command); + warningkill = sscanf (pointer, "%255[a-z]" , command); if (!strcmp(command,"status")) { pointer = pointer + 6; length_uri = length_uri - 6; @@ -1061,7 +1061,7 @@ char command[256] = {'\0'}; struct context **cnt = userdata; - warningkill = sscanf(pointer, "%256[a-z]%c", command, &question); + warningkill = sscanf(pointer, "%255[a-z]%c", command, &question); if (!strcmp(command, "set")) { pointer=pointer+3;length_uri=length_uri-3; /* FIXME need to check each value */ @@ -1080,7 +1080,7 @@ /* set?x=value&y=value */ /* pan= or x= | tilt= or y= */ - warningkill = sscanf (pointer, "%256[a-z]%c" , command, &question); + warningkill = sscanf (pointer, "%255[a-z]%c" , command, &question); if (( question != '=' ) || (command[0] == '\0')) { /* no valid syntax */ @@ -1288,7 +1288,7 @@ /* Check Second parameter */ - warningkill = sscanf (pointer, "%c%256[a-z]" ,&question, command); + warningkill = sscanf (pointer, "%c%255[a-z]" ,&question, command); if ( ( question != '&' ) || (command[0] == '\0') ){ motion_log(LOG_WARNING, 0, "httpd debug race 4"); if ( strstr(pointer,"&")){ @@ -1576,11 +1576,11 @@ length_uri--; /* value= */ - warningkill = sscanf (pointer, "%256[a-z]%c",query,&question); + warningkill = sscanf (pointer, "%255[a-z]%c",query,&question); if ((question == '=') && (!strcmp(query,"value")) ) { pointer = pointer + 6; length_uri = length_uri - 6; - warningkill = sscanf (pointer, "%256[-0-9a-z]" , command); + warningkill = sscanf (pointer, "%255[-0-9a-z]" , command); if ((command!=NULL) && (strlen(command) > 0)) { struct context *autocnt; @@ -1744,7 +1744,7 @@ } if (length_uri!=0) { - warningkill = sscanf (pointer, "%256[a-z]%c" , command , &slash); + warningkill = sscanf (pointer, "%255[a-z]%c" , command , &slash); /* config */ if (!strcmp(command,"config")) { @@ -1952,7 +1952,7 @@ int alive = 1; int ret = 1; char buffer[1024] = {'\0'}; - int length = 1024; + int length = 1023; struct context **cnt = userdata; /* lock the mutex */ @@ -1970,14 +1970,14 @@ return -1; } else { - char method[sizeof (buffer)]; - char url[sizeof (buffer)]; - char protocol[sizeof (buffer)]; + char method[10]={'\0'}; + char url[512]={'\0'}; + char protocol[10]={'\0'}; char *authentication=NULL; buffer[nread] = '\0'; - warningkill = sscanf (buffer, "%s %s %s", method, url, protocol); + warningkill = sscanf (buffer, "%9s %511s %9s", method, url, protocol); while ((strstr (buffer, "\r\n\r\n") == NULL) && (readb!=0) && (nread < length)){ readb = read (client_socket, buffer+nread, sizeof (buffer) - nread);