bluez-dbus: fix adapter memcpy length

sizeof(adapter) is larger than the big_entry->adapter and so the code
would copy too much. Instead only copy the strlen of the parsed
adapter, which we checked above to be smaller than the available size.

This doesn't copy the 0 byte because the memory is assumed to be 0
filled already by the calloc.

If the address is exactly the HCI_DEV_NAME_LEN, it will result in a non-0
terminated string, which may or may not be a problem...
Wim Taymans 2026-02-03 10:16:22 +01:00
parent ac7728097f
commit 2c0988ab4c


@ -7044,7 +7044,7 @@ static void parse_broadcast_source_config(struct spa_bt_monitor *monitor, const
goto parse_failed; goto parse_failed;
if (strlen(adapter) > HCI_DEV_NAME_LEN) if (strlen(adapter) > HCI_DEV_NAME_LEN)
goto parse_failed; goto parse_failed;
memcpy(big_entry->adapter, adapter, sizeof(adapter)); memcpy(big_entry->adapter, adapter, strlen(adapter));
spa_log_debug(monitor->log, "big_entry->adapter %s", big_entry->adapter); spa_log_debug(monitor->log, "big_entry->adapter %s", big_entry->adapter);
} else if (spa_streq(key, "encryption")) { } else if (spa_streq(key, "encryption")) {
if (spa_json_get_bool(&it[0], &big_entry->encryption) <= 0) if (spa_json_get_bool(&it[0], &big_entry->encryption) <= 0)
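Review bot: The `%s` in the `spa_log_debug` call right after the `memcpy` reads `big_entry->adapter` as a C string, but the guard `strlen(adapter) > HCI_DEV_NAME_LEN` still admits a value of exactly HCI_DEV_NAME_LEN bytes, which fills the field with no terminator (assuming the field is HCI_DEV_NAME_LEN bytes, as the commit message implies). Tightening the guard to `if (strlen(adapter) >= HCI_DEV_NAME_LEN)` and copying the terminator explicitly with `memcpy(big_entry->adapter, adapter, strlen(adapter) + 1);` closes that case. It also removes the reliance on the destination being zero-filled, which presumably would not hold if the "adapter" key is parsed twice for the same entry with a shorter second value. The enclosing function starts and ends outside the hunk, so the declaration of `adapter` and the size of the destination field should be confirmed there.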