[PATCH] Fix possible sprintf overrun in snd_pcm_hw_open

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I spotted this while reading code a few weeks ago, and I ran it through the Ubuntu security team just to be sure. They decided it was not needing any security embargo or similar, so here comes the patch.

David Henningsson, Canonical Ltd.
>From 3333d9bb8d8f9cc95f9dbf68d0a703a4e832a948 Mon Sep 17 00:00:00 2001
From: David Henningsson <david.henningsson@xxxxxxxxxxxxx>
Date: Wed, 8 Dec 2010 11:06:59 +0100
Subject: [PATCH] Fix possible sprintf overrun in snd_pcm_hw_open

BugLink: http://launchpad.net/bugs/668487

Possible buffer overrun if the number of "card" and "device"
are absurdly high, especially on 64-bit platforms.

Signed-off-by: David Henningsson <david.henningsson@xxxxxxxxxxxxx>
 src/pcm/pcm_hw.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/pcm/pcm_hw.c b/src/pcm/pcm_hw.c
index 9d243d5..ce74ad4 100644
--- a/src/pcm/pcm_hw.c
+++ b/src/pcm/pcm_hw.c
@@ -1270,7 +1270,7 @@ int snd_pcm_hw_open(snd_pcm_t **pcmp, const char *name,
 		SNDERR("invalid stream %d", stream);
 		return -EINVAL;
-	sprintf(filename, filefmt, card, device);
+	snprintf(filename, sizeof(filename), filefmt, card, device);
       	if (attempt++ > 3) {

Alsa-devel mailing list

[ALSA User]     [Linux Audio Users]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

Add to Google Powered by Linux