]> git.alsa-project.org Git - alsa-lib.git/commitdiff
Fix theoretical one-byte buffer overrun
authorDirk Müller <dirk@dmllr.de>
Tue, 2 Jun 2026 09:17:31 +0000 (11:17 +0200)
committerJaroslav Kysela <perex@perex.cz>
Sun, 5 Jul 2026 16:28:11 +0000 (18:28 +0200)
If 64 (sizeof(buf))= or more characters were provided in the input string,
this unconditionally writes a null byte to `buf[64]`, which is one byte
past the end of the array.

Closes: https://github.com/alsa-project/alsa-lib/pull/509
Signed-off-by: Dirk Müller <dirk@dmllr.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
src/control/ctlparse.c

index 3bd86435d0e3d1d1e9e05c17b03db7a4256b9e9f..c40de2bd28e559bec6a526f8dbef5587886ed50a 100644 (file)
@@ -173,7 +173,7 @@ int __snd_ctl_ascii_elem_id_parse(snd_ctl_elem_id_t *dst, const char *str,
                        ptr = buf;
                        size = 0;
                        while (*str && *str != ',') {
-                               if (size < (int)sizeof(buf)) {
+                               if (size < (int)sizeof(buf) - 1) {
                                        *ptr++ = *str;
                                        size++;
                                }