From dff08f1be0599cd47f47ac58ea103f4491a101e4 Mon Sep 17 00:00:00 2001 From: Erik de Castro Lopo Date: Thu, 5 Apr 2012 21:02:40 +1000 Subject: [PATCH] Fix buffer overflow by replacing strcpy with memcpy. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Thanks to Cristian Rodríguez for the report. --- src/metaflac/options.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/metaflac/options.c b/src/metaflac/options.c index eb3498d..f242618 100644 --- a/src/metaflac/options.c +++ b/src/metaflac/options.c @@ -1041,7 +1041,7 @@ FLAC__bool parse_block_type(const char *in, Argument_BlockType *out) out->entries[entry].filter_application_by_id = (0 != r); if(0 != r) { if(strlen(r) == 4) { - strcpy(out->entries[entry].application_id, r); + memcpy(out->entries[entry].application_id, r, 4); } else if(strlen(r) == 10 && strncmp(r, "0x", 2) == 0 && strspn(r+2, "0123456789ABCDEFabcdef") == 8) { FLAC__uint32 x = strtoul(r+2, 0, 16); -- 2.7.4