From 057a8c7cf2ca9f6aa8b97c5b3e4a09daca358134 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Wed, 15 May 2013 22:33:24 +0200 Subject: [PATCH] alsa writer: Do not print uninitialized data. ALSA's snd_output_buffer_string() returns the current size of valid data in the returned data buffer, but this buffer is not guaranteed to be zero-terminated. Currently alsa_init() ignores this fact and prints the buffer up to the first NULL byte. Therefore it may print garbage that follows the valid data in the buffer. If there is no zero byte after the data, it may even segfault. Fix this bug by using memchr() instead of strchr() and carefully tracking the number of bytes processed. --- alsa_write.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/alsa_write.c b/alsa_write.c index 0563ba73..88e48b45 100644 --- a/alsa_write.c +++ b/alsa_write.c @@ -164,17 +164,18 @@ static int alsa_init(struct private_alsa_write_data *pad, goto fail; ret = snd_output_buffer_open(&output_log); if (ret == 0) { - char *buf; + char *buf, *p; + size_t sz; PARA_INFO_LOG("dumping alsa configuration\n"); snd_pcm_dump(pad->handle, output_log); - snd_output_buffer_string(output_log, &buf); - for (;;) { - char *p = strchr(buf, '\n'); - if (!p) /* omit last output line, it's empty */ + sz = snd_output_buffer_string(output_log, &buf); + for (p = buf; p < buf + sz;) { + char *q = memchr(p, '\n', buf + sz - p); + if (!q) break; - *p = '\0'; - PARA_INFO_LOG("%s\n", buf); - buf = p + 1; + *q = '\0'; + PARA_INFO_LOG("%s\n", p); + p = q + 1; } snd_output_close(output_log); } -- 2.39.2