Prevent possible buffer overflow when locating album art. · tsiry-sandratraina.com/rockbox-zig@2235081

tsiry-sandratraina.com / rockbox-zig

fork

Rockbox open source high quality audio player as a Music Player Daemon

mpris rockbox mpd libadwaita audio rust zig deno

fork

Prevent possible buffer overflow when locating album art.

git-svn-id: svn://svn.rockbox.org/rockbox/trunk@16231 a1c6a512-1295-4272-9138-f99709370657

Magnus Holmgren 18 years ago 2235081d 8a7e626e

+23 -9

4 changed files

expand all

apps

misc.c

misc.h

recorder

albumart.c

tree.c

+20 -6

apps/misc.c

··· 1125 1125 * removes the extension of filename (if it doesn't start with a .) 1126 1126 * puts the result in buffer 1127 1127 */ 1128 - char *strip_extension(const char *filename, char *buffer) 1128 + char *strip_extension(char* buffer, int buffer_size, const char *filename) 1129 1129 { 1130 - int dotpos; 1131 1130 char *dot = strrchr(filename, '.'); 1131 + int len; 1132 + 1133 + if (buffer_size <= 0) 1134 + { 1135 + return NULL; 1136 + } 1137 + 1138 + buffer_size--; /* Make room for end nil */ 1139 + 1132 1140 if (dot != 0 && filename[0] != '.') 1133 1141 { 1134 - dotpos = dot - filename; 1135 - strncpy(buffer, filename, dotpos); 1136 - buffer[dotpos] = '\0'; 1142 + len = dot - filename; 1143 + len = MIN(len, buffer_size); 1144 + strncpy(buffer, filename, len); 1137 1145 } 1138 1146 else 1139 - strcpy(buffer, filename); 1147 + { 1148 + len = buffer_size; 1149 + strncpy(buffer, filename, buffer_size); 1150 + } 1151 + 1152 + buffer[len] = 0; 1153 + 1140 1154 return buffer; 1141 1155 }

+1 -1

apps/misc.h

··· 122 122 * removes the extension of filename (if it doesn't start with a .) 123 123 * puts the result in buffer 124 124 */ 125 - char *strip_extension(const char *filename, char *buffer); 125 + char *strip_extension(char* buffer, int buffer_size, const char *filename); 126 126 127 127 #endif /* MISC_H */

+1 -1

apps/recorder/albumart.c

··· 124 124 albumlen = id3->album ? strlen(id3->album) : 0; 125 125 126 126 /* the first file we look for is one specific to the track playing */ 127 - strip_extension(trackname, path); 127 + strip_extension(path, sizeof(path) - strlen(size_string) - 4, trackname); 128 128 strcat(path, size_string); 129 129 strcat(path, ".bmp"); 130 130 found = file_exists(path);

+1 -1

apps/tree.c

··· 163 163 164 164 if(stripit) 165 165 { 166 - return(strip_extension(name, buffer)); 166 + return(strip_extension(buffer, MAX_PATH, name)); 167 167 } 168 168 return(name); 169 169 }

Configure Feed

Configure Feed