[Spice-devel] [PATCH xf86-video-qxl 5/5] spiceqxl_audio: fix possible buffer overflow (clang)
Alon Levy
alevy at redhat.com
Thu Oct 17 10:27:48 CEST 2013
I've tested this. Previously strncat was used incorrectly, it is
replaced with snprintf per Uri's suggestion.
Signed-off-by: Alon Levy <alevy at redhat.com>
---
src/spiceqxl_audio.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/spiceqxl_audio.c b/src/spiceqxl_audio.c
index 3cd80ff..5b87302 100644
--- a/src/spiceqxl_audio.c
+++ b/src/spiceqxl_audio.c
@@ -167,9 +167,9 @@ scan_fifos (struct audio_data *data, const char *dirname)
return 0;
}
- strncpy(path, dirname, sizeof(path));
- strncat(path, "/", sizeof(path));
- strncat(path, ent->d_name, sizeof(path));
+ if (snprintf(path, sizeof(path), "%s/%s", dirname, ent->d_name) >= sizeof(path)) {
+ ErrorF("playback: FIFO filename is too long - truncated into %s", path);
+ }
data->fifo_fds[i] = open(path, O_RDONLY | O_RSYNC | O_NONBLOCK);
if (data->fifo_fds[i] < 0)
--
1.8.3.1
More information about the Spice-devel
mailing list