mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-30 06:46:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: replace strcpy with memcpy in alsa_id_decode

Browse source 
Memory Safety: Low

alsa_id_decode() uses strcpy() to copy into a caller-provided buffer
without knowing its size. Although all current callers allocate the
buffer correctly (via alloca(strlen(src) + 1) or with a pre-validated
fixed buffer), the function signature does not encode this requirement.
Replace strcpy with memcpy using the known source length to make the
bounded copy explicit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-27 16:15:10 +02:00
parent ebe9b087ad
commit f00c84ccad
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
spa/plugins/alsa/acp/alsa-mixer.c
View file

@ -63,6 +63,7 @@ char *pa_alsa_mixer_id_to_string(char *dst, size_t dst_len, pa_alsa_mixer_id *id
}
static int alsa_id_decode(const char *src, char *name, int *index) {
size_t src_len = strlen(src);
char *idx, c;
int i;
@ -70,7 +71,7 @@ static int alsa_id_decode(const char *src, char *name, int *index) {
c = src[0];
/* Strip quotes in entries such as 'Speaker',1 or "Speaker",1 */
if (c == '\'' || c == '"') {
strcpy(name, src + 1);
memcpy(name, src + 1, src_len);
for (i = 0; name[i] != '\0' && name[i] != c; i++);
idx = NULL;
if (name[i]) {
@ -78,7 +79,7 @@ static int alsa_id_decode(const char *src, char *name, int *index) {
idx = strchr(name + i + 1, ',');
}
} else {
strcpy(name, src);
memcpy(name, src, src_len + 1);
idx = strchr(name, ',');
}
if (idx == NULL)