From ebe9b087ad41e5c96b163a993941a88041912270 Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Mon, 27 Apr 2026 16:14:23 +0200
Subject: [PATCH] security: replace strcat with bounds-explicit memcpy in pulse utils

Memory Safety: Low

Although the preceding length check ensures the strcat is safe, using strcat makes the bounds guarantee implicit. Replace with memcpy using the already-computed length, making the bounded copy explicit and avoiding a redundant scan of the destination string.

Co-Authored-By: Claude Opus 4.6
---
 src/modules/module-protocol-pulse/utils.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/modules/module-protocol-pulse/utils.c b/src/modules/module-protocol-pulse/utils.c
index 6b41fd9a1..8098da35f 100644
--- a/src/modules/module-protocol-pulse/utils.c
+++ b/src/modules/module-protocol-pulse/utils.c
@@ -170,12 +170,13 @@ int create_pid_file(void)
 if ((res = get_runtime_dir(pid_file, sizeof(pid_file))) < 0)
 return res;

- if (strlen(pid_file) > PATH_MAX - sizeof("/pid")) {
+ size_t len = strlen(pid_file);
+ if (len > PATH_MAX - sizeof("/pid")) {
 pw_log_error("path too long: %s/pid", pid_file);
 return -ENAMETOOLONG;
 }

- strcat(pid_file, "/pid");
+ memcpy(pid_file + len, "/pid", sizeof("/pid"));

 if ((f = fopen(pid_file, "we")) == NULL) {
 res = -errno;
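Review bot: The guard before the new `memcpy` still compares `len` against `PATH_MAX` rather than against the size of `pid_file`, so the copy is only bounded if the buffer is declared as `char pid_file[PATH_MAX]`, and that declaration is outside this hunk. Since the `get_runtime_dir()` call above already passes `sizeof(pid_file)`, and assuming `pid_file` is a local array as that call suggests, the check could read `if (len > sizeof(pid_file) - sizeof("/pid")) {` so the bound follows the buffer if its size ever changes. A short comment on the copy, such as `/* sizeof("/pid") includes the terminating NUL */`, would also record why the result stays terminated without a separate write. The body of create_pid_file starts and ends outside the hunk.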