mirror of
https://github.com/alsa-project/alsa-lib.git
synced 2025-11-06 13:29:59 -05:00
7c5c050090
The qlen field of struct snd_midi_event was declared as size_t while status_events[] assigns the qlen to -1 indicating to skip. This leads to the misinterpretation since size_t is unsigned, hence it passes the check "dev.qlen > 0" incorrectly in snd_midi_event_encode_byte(), which eventually results in a memory corruption. Also, snd_midi_event_decode() doesn't consider about a negative qlen value and tries to copy the size as is. This patch fixes these issues: the first one is addressed by simply replacing size_t with ssize_t in snd_midi_event struct. For the latter, a check "qlen <= 0" is added to bail out; this is also good as a slight optimization. Reported-by: Prashant Malani <pmalani@chromium.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| seq.c | ||
| seq_event.c | ||
| seq_hw.c | ||
| seq_local.h | ||
| seq_midi_event.c | ||
| seq_old.c | ||
| seq_symbols.c | ||
| seqmid.c | ||