From e994949d576e93f8c22a700394d4e0f519af7062 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Tue, 1 Jun 2021 10:35:45 +0200
Subject: [PATCH] properties: make safer serialize_dict implementation

Don't use alloca for the serialized string but instead write the
serialized string directly to the file.

Fixes #1249
---
 src/pipewire/properties.c | 43 +++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/src/pipewire/properties.c b/src/pipewire/properties.c
index 3fedd3beb..d0d5907f0 100644
--- a/src/pipewire/properties.c
+++ b/src/pipewire/properties.c
@@ -542,6 +542,44 @@ const char *pw_properties_iterate(const struct pw_properties *properties, void *
 	return pw_array_get_unchecked(&impl->items, index, struct spa_dict_item)->key;
 }
 
+static int encode_string(FILE *f, const char *val)
+{
+	int len = 0;
+	len += fprintf(f, "\"");
+	while (*val) {
+		switch (*val) {
+		case '\n':
+			len += fprintf(f, "\\n");
+			break;
+		case '\r':
+			len += fprintf(f, "\\r");
+			break;
+		case '\b':
+			len += fprintf(f, "\\b");
+			break;
+		case '\t':
+			len += fprintf(f, "\\t");
+			break;
+		case '\f':
+			len += fprintf(f, "\\f");
+			break;
+		case '\\':
+		case '"':
+			len += fprintf(f, "\\%c", *val);
+		break;
+		default:
+			if (*val > 0 && *val < 0x20)
+				len += fprintf(f, "\\u%04x", *val);
+			else
+				len += fprintf(f, "%c", *val);
+			break;
+		}
+		val++;
+	}
+	len += fprintf(f, "\"");
+	return len-1;
+}
+
 SPA_EXPORT
 int pw_properties_serialize_dict(FILE *f, const struct spa_dict *dict, uint32_t flags)
 {
@@ -558,10 +596,7 @@ int pw_properties_serialize_dict(FILE *f, const struct spa_dict *dict, uint32_t
 		    spa_json_is_container(it->value, len)) {
 			fprintf(f, "%s", it->value);
 		} else {
-			size_t size = (len+1) * 4;
-			char str[size];
-			spa_json_encode_string(str, size, it->value);
-			fprintf(f, "%s", str);
+			encode_string(f, it->value);
 		}
 		count++;
 	}