From: Dirk Müller Date: Tue, 2 Jun 2026 09:17:31 +0000 (+0200) Subject: Fix theoretical one-byte buffer overrun X-Git-Url: https://git.alsa-project.org/?a=commitdiff_plain;h=1e27d63ef6d1dcf7d1f1a1e1eca3ea779e7de377;p=alsa-lib.git Fix theoretical one-byte buffer overrun If 64 (sizeof(buf))= or more characters were provided in the input string, this unconditionally writes a null byte to `buf[64]`, which is one byte past the end of the array. Closes: https://github.com/alsa-project/alsa-lib/pull/509 Signed-off-by: Dirk Müller Signed-off-by: Jaroslav Kysela --- diff --git a/src/control/ctlparse.c b/src/control/ctlparse.c index 3bd86435..c40de2bd 100644 --- a/src/control/ctlparse.c +++ b/src/control/ctlparse.c @@ -173,7 +173,7 @@ int __snd_ctl_ascii_elem_id_parse(snd_ctl_elem_id_t *dst, const char *str, ptr = buf; size = 0; while (*str && *str != ',') { - if (size < (int)sizeof(buf)) { + if (size < (int)sizeof(buf) - 1) { *ptr++ = *str; size++; }