From: Andre Noll Date: Wed, 15 May 2013 20:33:24 +0000 (+0200) Subject: alsa writer: Do not print uninitialized data. X-Git-Tag: v0.4.13~37 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=057a8c7cf2ca9f6aa8b97c5b3e4a09daca358134;p=paraslash.git alsa writer: Do not print uninitialized data. ALSA's snd_output_buffer_string() returns the current size of valid data in the returned data buffer, but this buffer is not guaranteed to be zero-terminated. Currently alsa_init() ignores this fact and prints the buffer up to the first NULL byte. Therefore it may print garbage that follows the valid data in the buffer. If there is no zero byte after the data, it may even segfault. Fix this bug by using memchr() instead of strchr() and carefully tracking the number of bytes processed. --- diff --git a/alsa_write.c b/alsa_write.c index 0563ba73..88e48b45 100644 --- a/alsa_write.c +++ b/alsa_write.c @@ -164,17 +164,18 @@ static int alsa_init(struct private_alsa_write_data *pad, goto fail; ret = snd_output_buffer_open(&output_log); if (ret == 0) { - char *buf; + char *buf, *p; + size_t sz; PARA_INFO_LOG("dumping alsa configuration\n"); snd_pcm_dump(pad->handle, output_log); - snd_output_buffer_string(output_log, &buf); - for (;;) { - char *p = strchr(buf, '\n'); - if (!p) /* omit last output line, it's empty */ + sz = snd_output_buffer_string(output_log, &buf); + for (p = buf; p < buf + sz;) { + char *q = memchr(p, '\n', buf + sz - p); + if (!q) break; - *p = '\0'; - PARA_INFO_LOG("%s\n", buf); - buf = p + 1; + *q = '\0'; + PARA_INFO_LOG("%s\n", p); + p = q + 1; } snd_output_close(output_log); }