* Guarantee a 0-terminated string for all usages of strncpy()
@ 2017-12-01 9:58 Wischer, Timo (ADITG/ESB)
0 siblings, 0 replies; only message in thread
From: Wischer, Timo (ADITG/ESB) @ 2017-12-01 9:58 UTC (permalink / raw
To: alsa-devel@alsa-project.org
[-- Attachment #1: Type: text/plain, Size: 614 bytes --]
Hi all,
see attached a patch for ensuring a 0-terminated string when using strncpy().
I observed this issue in the ext control implementation.
Best regards
Timo Wischer
Advanced Driver Information Technology GmbH
Engineering Software Base (ADITG/ESB)
Robert-Bosch-Str. 200
31139 Hildesheim
Germany
Tel. +49 5121 49 6938
Fax +49 5121 49 6999
twischer@de.adit-jv.com
ADIT is a joint venture company of Robert Bosch GmbH/Robert Bosch Car Multimedia GmbH and DENSO Corporation
Sitz: Hildesheim, Registergericht: Amtsgericht Hildesheim HRB 3438
Geschäftsführung: Wilhelm Grabow, Ken Yaguchi
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: append-0-after-strncpy.patch --]
[-- Type: text/x-patch; name="append-0-after-strncpy.patch", Size: 4537 bytes --]
From b08dd2d395fc1d051345f19d12b62b2faa14bc67 Mon Sep 17 00:00:00 2001
From: Timo Wischer <twischer@de.adit-jv.com>
Date: Fri, 1 Dec 2017 10:45:04 +0100
Subject: Always terminate string with 0 which was copied with strncpy()
Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
diff --git a/src/control/control.c b/src/control/control.c
index 11f7815..34a8dee 100644
--- a/src/control/control.c
+++ b/src/control/control.c
@@ -1804,6 +1804,7 @@ void snd_ctl_elem_id_set_name(snd_ctl_elem_id_t *obj, const char *val)
{
assert(obj);
strncpy((char *)obj->name, val, sizeof(obj->name));
+ obj->name[sizeof(obj->name)-1] = 0;
}
/**
@@ -2722,6 +2723,7 @@ void snd_ctl_elem_info_set_name(snd_ctl_elem_info_t *obj, const char *val)
{
assert(obj);
strncpy((char *)obj->id.name, val, sizeof(obj->id.name));
+ obj->id.name[sizeof(obj->id.name)-1] = 0;
}
/**
@@ -2944,6 +2946,7 @@ void snd_ctl_elem_value_set_name(snd_ctl_elem_value_t *obj, const char *val)
{
assert(obj);
strncpy((char *)obj->id.name, val, sizeof(obj->id.name));
+ obj->id.name[sizeof(obj->id.name)-1] = 0;
}
/**
diff --git a/src/mixer/simple_none.c b/src/mixer/simple_none.c
index e9dc173..327047c 100644
--- a/src/mixer/simple_none.c
+++ b/src/mixer/simple_none.c
@@ -1334,6 +1334,7 @@ static int enum_item_name_ops(snd_mixer_elem_t *elem,
snd_ctl_elem_info_set_item(&info, item);
snd_hctl_elem_info(helem, &info);
strncpy(buf, snd_ctl_elem_info_get_item_name(&info), maxlen);
+ buf[maxlen-1] = 0;
return 0;
}
diff --git a/src/pcm/pcm_direct.c b/src/pcm/pcm_direct.c
index abf7378..0117223 100644
--- a/src/pcm/pcm_direct.c
+++ b/src/pcm/pcm_direct.c
@@ -767,8 +767,11 @@ int snd_pcm_direct_info(snd_pcm_t *pcm, snd_pcm_info_t * info)
/* FIXME: fill this with something more useful: we know the hardware name */
if (pcm->name) {
strncpy((char *)info->id, pcm->name, sizeof(info->id));
+ info->id[sizeof(info->id)-1] = 0;
strncpy((char *)info->name, pcm->name, sizeof(info->name));
+ info->name[sizeof(info->name)-1] = 0;
strncpy((char *)info->subname, pcm->name, sizeof(info->subname));
+ info->subname[sizeof(info->subname)-1] = 0;
}
info->subdevices_count = 1;
return 0;
diff --git a/src/pcm/pcm_ioplug.c b/src/pcm/pcm_ioplug.c
index 7a782e6..296dea0 100644
--- a/src/pcm/pcm_ioplug.c
+++ b/src/pcm/pcm_ioplug.c
@@ -74,8 +74,11 @@ static int snd_pcm_ioplug_info(snd_pcm_t *pcm, snd_pcm_info_t *info)
info->card = -1;
if (pcm->name) {
strncpy((char *)info->id, pcm->name, sizeof(info->id));
+ info->id[sizeof(info->id)-1] = 0;
strncpy((char *)info->name, pcm->name, sizeof(info->name));
+ info->name[sizeof(info->name)-1] = 0;
strncpy((char *)info->subname, pcm->name, sizeof(info->subname));
+ info->subname[sizeof(info->subname)-1] = 0;
}
info->subdevices_count = 1;
return 0;
diff --git a/src/pcm/pcm_null.c b/src/pcm/pcm_null.c
index 7afe158..ffe2059 100644
--- a/src/pcm/pcm_null.c
+++ b/src/pcm/pcm_null.c
@@ -72,8 +72,11 @@ static int snd_pcm_null_info(snd_pcm_t *pcm, snd_pcm_info_t * info)
info->card = -1;
if (pcm->name) {
strncpy((char *)info->id, pcm->name, sizeof(info->id));
+ info->id[sizeof(info->id)-1] = 0;
strncpy((char *)info->name, pcm->name, sizeof(info->name));
+ info->name[sizeof(info->name)-1] = 0;
strncpy((char *)info->subname, pcm->name, sizeof(info->subname));
+ info->subname[sizeof(info->subname)-1] = 0;
}
info->subdevices_count = 1;
return 0;
diff --git a/src/seq/seq.c b/src/seq/seq.c
index 983c4fa..b70a640 100644
--- a/src/seq/seq.c
+++ b/src/seq/seq.c
@@ -1745,6 +1745,7 @@ void snd_seq_client_info_set_name(snd_seq_client_info_t *info, const char *name)
{
assert(info && name);
strncpy(info->name, name, sizeof(info->name));
+ info->name[sizeof(info->name)-1] = 0;
}
/**
@@ -2178,6 +2179,7 @@ void snd_seq_port_info_set_name(snd_seq_port_info_t *info, const char *name)
{
assert(info && name);
strncpy(info->name, name, sizeof(info->name));
+ info->name[sizeof(info->name)-1] = 0;
}
/**
@@ -3123,6 +3125,7 @@ void snd_seq_queue_info_set_name(snd_seq_queue_info_t *info, const char *name)
{
assert(info && name);
strncpy(info->name, name, sizeof(info->name));
+ info->name[sizeof(info->name)-1] = 0;
}
/**
@@ -3280,6 +3283,7 @@ int snd_seq_query_named_queue(snd_seq_t *seq, const char *name)
snd_seq_queue_info_t info;
assert(seq && name);
strncpy(info.name, name, sizeof(info.name));
+ info.name[sizeof(info.name)-1] = 0;
err = seq->ops->get_named_queue(seq, &info);
if (err < 0)
return err;
[-- Attachment #3: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-12-01 9:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-01 9:58 Guarantee a 0-terminated string for all usages of strncpy() Wischer, Timo (ADITG/ESB)
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.