alsa writer: Do not print uninitialized data.
authorAndre Noll <maan@systemlinux.org>
Wed, 15 May 2013 20:33:24 +0000 (22:33 +0200)
committerAndre Noll <maan@systemlinux.org>
Sun, 19 May 2013 13:19:58 +0000 (15:19 +0200)
ALSA's snd_output_buffer_string() returns the current size of valid
data in the returned data buffer, but this buffer is not guaranteed
to be zero-terminated.

Currently alsa_init() ignores this fact and prints the buffer up to
the first NUL byte.  Therefore it may print garbage that follows the
valid data in the buffer. If there is no zero byte after the data,
it may even segfault.

Fix this bug by using memchr() instead of strchr() and carefully
tracking the number of bytes processed.

alsa_write.c

index 0563ba7..88e48b4 100644 (file)
@@ -164,17 +164,18 @@ static int alsa_init(struct private_alsa_write_data *pad,
                goto fail;
        ret = snd_output_buffer_open(&output_log);
        if (ret == 0) {
-               char *buf;
+               char *buf, *p;
+               size_t sz;
                PARA_INFO_LOG("dumping alsa configuration\n");
                snd_pcm_dump(pad->handle, output_log);
-               snd_output_buffer_string(output_log, &buf);
-               for (;;) {
-                       char *p = strchr(buf, '\n');
-                       if (!p) /* omit last output line, it's empty */
+               sz = snd_output_buffer_string(output_log, &buf);
+               for (p = buf; p < buf + sz;) {
+                       char *q = memchr(p, '\n', buf + sz - p);
+                       if (!q)
                                break;
-                       *p = '\0';
-                       PARA_INFO_LOG("%s\n", buf);
-                       buf = p + 1;
+                       *q = '\0';
+                       PARA_INFO_LOG("%s\n", p);
+                       p = q + 1;
                }
                snd_output_close(output_log);
        }
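Review bot: The `if (!q) break;` path silently discards any bytes between `p` and `buf + sz` that are not followed by a newline, and the commit removes the old comment that said skipping the tail was intentional. Whether the dump always ends in '\n' is not visible from this hunk; if it might not, logging the fragment with a bounded format before the break, e.g. `PARA_INFO_LOG("%.*s\n", (int)(buf + sz - p), p);`, would keep it without reading past the valid data. Otherwise a comment such as `/* no newline left: drop the unterminated tail */` should say the drop is deliberate. The same `%.*s` form with length `q - p` would also avoid writing `'\0'` into the buffer owned by the ALSA output object. The body of alsa_init starts and ends outside the hunk.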