From 6353eb526ddf8aeb47a49c0b4fcb26ab1a724154 Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Thu, 23 Apr 2026 14:38:14 +0200
Subject: [PATCH] security: fix unbounded sprintf in check_flatpak

Memory Safety: Medium

sprintf was used to format a /proc path without bounds checking. While pid_t values are practically bounded, using snprintf with sizeof(root_path) ensures the buffer cannot overflow regardless of the input value, following defense-in-depth principles.

Co-Authored-By: Claude Opus 4.6
---
 src/modules/module-protocol-pulse/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/module-protocol-pulse/utils.c b/src/modules/module-protocol-pulse/utils.c
index e6b24e708..6b41fd9a1 100644
--- a/src/modules/module-protocol-pulse/utils.c
+++ b/src/modules/module-protocol-pulse/utils.c
@@ -82,7 +82,7 @@ int check_flatpak(struct client *client, pid_t pid)
 int root_fd, info_fd, res;
 struct stat stat_buf;
- sprintf(root_path, "/proc/%ld/root", (long) pid);
+ snprintf(root_path, sizeof(root_path), "/proc/%ld/root", (long) pid);
 root_fd = openat(AT_FDCWD, root_path, O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC | O_NOCTTY);
 if (root_fd == -1) {
 res = -errno;
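Review bot: The return value of the new `snprintf` call is still ignored, so a truncated `root_path` would be passed to `openat` as a different, shorter /proc path instead of being rejected. Because this lookup appears to feed the Flatpak sandbox decision, failing closed is the safer behaviour: `res = snprintf(root_path, sizeof(root_path), "/proc/%ld/root", (long) pid);` followed by `if (res < 0 || (size_t) res >= sizeof(root_path)) return -ENAMETOOLONG;`. In addition, `sizeof(root_path)` is the buffer size only if `root_path` is declared as an array rather than a pointer. Its declaration lies above the hunk and the rest of check_flatpak continues below it, so both points need confirming against the full function.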