projects / platform / upstream / pulseaudio.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd4a693)
core-util: Handle zero-length volume string
authorTanu Kaskinen <tanuk@iki.fi>
Fri, 27 Dec 2019 05:33:52 +0000 (07:33 +0200)
committerTanu Kaskinen <tanuk@iki.fi>
Fri, 27 Dec 2019 05:33:52 +0000 (07:33 +0200)
Without checking for zero we end up accessing memory outside the str
buffer: str[len - 1].

Fixes: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/issues/768

src/pulsecore/core-util.c patch | blob | history

diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
index 174987e..d75f1d2 100644 (file)
--- a/src/pulsecore/core-util.c
+++ b/src/pulsecore/core-util.c
@@ -879,7 +879,7 @@ int pa_parse_volume(const char *v, pa_volume_t *volume) {
 
     len = strlen(v);
 
-    if (len >= 64)
+    if (len <= 0 || len >= 64)
         return -1;
 
     memcpy(str, v, len + 1);
Domain: Multimedia / Audio FW;