pcm: fix buffer overflow in snd_pcm_chmap_print()

The size argument is wrong for one of the snprintf() calls in
snd_pcm_chmap_print(), allowing an overflow to happen (the user-provided
buffer may be written with data up to 2x its actual size).

Seen in a user report here: http://trac.kodi.tv/ticket/15641

Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Anssi Hannula 2014-12-30 20:46:11 +02:00 committed by Takashi Iwai
parent 93b0e9ca85
commit b2ed0aa9f2


@ -7621,7 +7621,7 @@ int snd_pcm_chmap_print(const snd_pcm_chmap_t *map, size_t maxlen, char *buf)
return -ENOMEM; return -ENOMEM;
} }
if (map->pos[i] & SND_CHMAP_DRIVER_SPEC) if (map->pos[i] & SND_CHMAP_DRIVER_SPEC)
len += snprintf(buf + len, maxlen, "%d", p); len += snprintf(buf + len, maxlen - len, "%d", p);
else { else {
const char *name = chmap_names[p]; const char *name = chmap_names[p];
if (name) if (name)
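
Review bot: In the SND_CHMAP_DRIVER_SPEC branch, the new bound `maxlen - len` is only safe while len is smaller than maxlen. snprintf() returns the length that would have been written, not the length actually stored, so after a truncated write len can exceed maxlen, and because maxlen is a size_t the subtraction would then wrap to a very large bound on the next call. The `return -ENOMEM;` in the context above suggests a bounds check exists, but the hunk does not show what it tests or whether it runs after every call. Please confirm that each `len += snprintf(...)` in this function, including the one in the `name` branch below, is followed by a `len >= maxlen` check before `buf + len` is used again, and consider factoring the append into one helper so the size argument cannot drift between call sites.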