From a0d7fb01ba3d56d5736cbf38ef4c39b23dc872fa Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Thu, 25 Nov 2021 10:14:30 +0100 Subject: [PATCH] pulse-server: add size check when reading strings --- src/modules/module-protocol-pulse/message.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/modules/module-protocol-pulse/message.c b/src/modules/module-protocol-pulse/message.c index 1ad3d6a76..91413070d 100644 --- a/src/modules/module-protocol-pulse/message.c +++ b/src/modules/module-protocol-pulse/message.c @@ -181,7 +181,10 @@ static int read_arbitrary(struct message *m, const void **val, size_t *length) static int read_string(struct message *m, char **str) { - uint32_t n, maxlen = m->length - m->offset; + uint32_t n, maxlen; + if (m->offset + 1 > m->length) + return -ENOSPC; + maxlen = m->length - m->offset; n = strnlen(SPA_PTROFF(m->data, m->offset, char), maxlen); if (n == maxlen) return -EINVAL;