mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-08 08:21:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

tools: avoid strcat in pw-cat

Browse source 
We might overflow the path buffer when we strcat the provided filename
into it, which might crash or cause unexpected behaviour.

Instead use spa_scnprintf which avoids overflow and properly truncates
and null-terminates the string.

Found by Claude Code.
This commit is contained in:
Wim Taymans 2026-04-07 18:44:43 +02:00
parent 337801717e
commit d7be4353ad
1 changed files with 2 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/tools/pw-cat.c
View file

@ -1860,15 +1860,14 @@ static int setup_encodedfile(struct data *data)
int num_channels;
unsigned int stream_index;
const AVCodecParameters *codecpar;
char path[256] = { 0 };
char path[PATH_MAX];
/* We do not support record with encoded media */
if (data->mode == mode_record) {
return -EINVAL;
}
strcpy(path, "file:");
strcat(path, data->filename);
spa_scnprintf(path, sizeof(path), "file:%s", data->filename);
data->encoded.format_context = NULL;
if ((ret = avformat_open_input(&data->encoded.format_context, path, NULL, NULL)) < 0) {