security: replace strcat with bounds-explicit memcpy in pulse utils

Memory Safety: Low

Although the preceding length check ensures the strcat is safe, using
strcat makes the bounds guarantee implicit. Replace with memcpy using
the already-computed length, making the bounded copy explicit and
avoiding a redundant scan of the destination string.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wim Taymans 2026-04-27 16:14:23 +02:00
parent 1ebbd9d7bc
commit ebe9b087ad


@ -170,12 +170,13 @@ int create_pid_file(void)
if ((res = get_runtime_dir(pid_file, sizeof(pid_file))) < 0) if ((res = get_runtime_dir(pid_file, sizeof(pid_file))) < 0)
return res; return res;
if (strlen(pid_file) > PATH_MAX - sizeof("/pid")) { size_t len = strlen(pid_file);
if (len > PATH_MAX - sizeof("/pid")) {
pw_log_error("path too long: %s/pid", pid_file); pw_log_error("path too long: %s/pid", pid_file);
return -ENAMETOOLONG; return -ENAMETOOLONG;
} }
strcat(pid_file, "/pid"); memcpy(pid_file + len, "/pid", sizeof("/pid"));
if ((f = fopen(pid_file, "we")) == NULL) { if ((f = fopen(pid_file, "we")) == NULL) {
res = -errno; res = -errno;