mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-25 06:46:40 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix unbounded strcpy for JACK port names

Browse source 
Memory Safety: Medium

strcpy was used to copy port names into fixed-size buffers
(REAL_JACK_PORT_NAME_SIZE+1) without explicit bounds checking.
Port names originate from JACK client API calls and PipeWire
port info, which are external inputs. Replaced with snprintf
using sizeof(destination) to guarantee the copy is always
bounded, preventing potential buffer overflows if source
strings exceed the expected maximum length.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-23 14:40:18 +02:00
parent 329e0ddb02
commit 9cf4d05c9e
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pipewire-jack/src/pipewire-jack.c
View file

@ -3714,8 +3714,8 @@ static int update_port_name(struct object *o, const char *name)
if (spa_streq(port_name, o->port.name)) if (spa_streq(port_name, o->port.name))
return 0; return 0;
strcpy(o->port.old_name, o->port.name); snprintf(o->port.old_name, sizeof(o->port.old_name), "%s", o->port.name);
strcpy(o->port.name, port_name); snprintf(o->port.name, sizeof(o->port.name), "%s", port_name);
return 1; return 1;
} }
@ -5560,7 +5560,7 @@ jack_port_t * jack_port_register (jack_client_t *client,
o = p->object; o = p->object;
o->port.flags = flags; o->port.flags = flags;
strcpy(o->port.name, name); snprintf(o->port.name, sizeof(o->port.name), "%s", name);
o->port.type_id = type_id; o->port.type_id = type_id;
init_buffer(p, c->max_frames); init_buffer(p, c->max_frames);