From b991e9acc94db3eac14eeaf047710b53b6831ab1 Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Fri, 25 Jul 2025 17:01:24 +0200
Subject: [PATCH] pod: check string zero byte only when parsing

The _is_type() macros should simply check the type in the header and if the size is large enough to look into the type specifics. Further validation of the values should be done when the value is retrieved. Following this logic, the String zero byte check should be done in the get_string() function.
---
 spa/include/spa/pod/iter.h | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/spa/include/spa/pod/iter.h b/spa/include/spa/pod/iter.h
index f2400a16f..e5ce3f719 100644
--- a/spa/include/spa/pod/iter.h
+++ b/spa/include/spa/pod/iter.h
@@ -279,24 +279,28 @@ SPA_API_POD_ITER int spa_pod_get_double(const struct spa_pod *pod, double *value

 SPA_API_POD_ITER int spa_pod_is_string(const struct spa_pod *pod)
 {
- const char *s = (const char *)SPA_POD_CONTENTS(struct spa_pod_string, pod);
- return SPA_POD_CHECK(pod, SPA_TYPE_String, 1) &&
- s[pod->size-1] == '\0';
+ return SPA_POD_CHECK(pod, SPA_TYPE_String, 1);
 }

 SPA_API_POD_ITER int spa_pod_get_string(const struct spa_pod *pod, const char **value)
 {
+ const char *s;
 if (!spa_pod_is_string(pod))
 return -EINVAL;
- *value = (const char *)SPA_POD_CONTENTS(struct spa_pod_string, pod);
+ s = (const char *)SPA_POD_CONTENTS(struct spa_pod_string, pod);
+ if (s[pod->size-1] != '\0')
+ return -EINVAL;
+ *value = s;
 return 0;
 }

 SPA_API_POD_ITER int spa_pod_copy_string(const struct spa_pod *pod, size_t maxlen, char *dest)
 {
- const char *s = (const char *)SPA_POD_CONTENTS(struct spa_pod_string, pod);
+ const char *s;
 if (!spa_pod_is_string(pod) || maxlen < 1)
 return -EINVAL;
+ maxlen = SPA_MIN(maxlen, pod->size);
+ s = (const char *)SPA_POD_CONTENTS(struct spa_pod_string, pod);
 strncpy(dest, s, maxlen-1);
 dest[maxlen-1]= '\0';
 return 0;
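Review bot: spa_pod_copy_string() now returns 0 for a String pod whose last byte is not '\0', silently dropping that byte, while spa_pod_get_string() rejects the same pod with -EINVAL; before this change both failed because spa_pod_is_string() carried the terminator check. If the truncation is not intended, add `if (s[pod->size-1] != '\0') return -EINVAL;` after `s` is assigned in spa_pod_copy_string(); the new SPA_MIN clamp already keeps strncpy() inside the pod body either way. spa_pod_is_string() also deserves a comment such as `/* type and minimum size only; NUL termination is checked in spa_pod_get_string() */`, since any caller outside this hunk that reads the body as a C string after is_string() alone would presumably no longer be protected from an unterminated value. The closing brace of spa_pod_copy_string() lies outside the hunk.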