Wim Taymans 4f9e59b87d security: fix missing null termination in Bluetooth broadcast code ... Memory Safety: Medium The broadcast_code field is a 16-byte array that can be filled with exactly 16 bytes of data via memcpy without null termination when the input string length equals BROADCAST_CODE_LEN. The field is then logged with %s format, which reads past the buffer boundary into adjacent struct fields, potentially disclosing sensitive data. Fix by changing the boundary check from > to >= to ensure room for the null terminator, and copy the terminator along with the data. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>		2026-04-27 11:02:35 +02:00
..
examples	spa: examples: fix getopt usage + typos in adapter-control	2025-10-26 14:12:19 +00:00
include	spa: add spa_alloca that does overflow and limit checks	2026-04-27 10:53:44 +02:00
include-private/spa-private	spa: move dbus helpers out of bluez plugin	2024-02-05 13:03:20 +00:00
lib	spa: update lib.c	2026-03-09 18:33:32 +01:00
plugins	security: fix missing null termination in Bluetooth broadcast code	2026-04-27 11:02:35 +02:00
tests	spa/tests: remove unused #include <linux/limits.h>	2026-03-11 21:50:21 +00:00
tools	tools: port various tools to the new json-builder	2026-02-26 10:51:17 +01:00
meson.build	meson: Always use -fno-strict-aliasing and -fno-strict-overflow	2025-07-24 07:30:28 +00:00