Hello,
to fix https://bugtrack.alsa-project.org/alsa-bug/view.php?id=5006 the attached patch for alsa-tools is proposed:
Summary: Fix buffer overflow in hdspmixer
A one off string buffer overflow fixed by handling it properly with string stream.
Signed-off-by: Georg Rudolph <georg.rudolph@schwaben.de mailto:foo@bar.com>
--- alsa-tools-1.0.23/hdspmixer/src/HDSPMixerIOMixer.h 2010-04-16 13:11:09.000000000 +0200 +++ alsa-tools-1.0.23-work/hdspmixer/src/HDSPMixerIOMixer.h 2010-05-12 22:07:49.549949993 +0200 @@ -36,6 +36,7 @@ #include "HDSPMixerStripData.h" #include "HDSPMixerMeter.h" #include "pixmaps.h" +#include <sstream>
class HDSPMixerWindow; class HDSPMixerSelector; @@ -52,7 +53,7 @@ private: char **p_iomixer_xpm; int channel_num, relative_num, mixer_type; - char channel_name[6]; + std::stringstream channel_name; void update_child(Fl_Widget &widget); public: HDSPMixerStripData *data[3][3][8]; /* data[card][mode(ss/ds/qs)][preset number] */ --- alsa-tools-1.0.23/hdspmixer/src/HDSPMixerIOMixer.cxx 2010-04-16 13:11:09.000000000 +0200 +++ alsa-tools-1.0.23-work/hdspmixer/src/HDSPMixerIOMixer.cxx 2010-05-12 22:00:26.754950707 +0200 @@ -25,9 +25,9 @@ { mixer_type = type; if (type) { - sprintf(channel_name, "Out %d", ch); + channel_name << "Out " << ch; } else { - sprintf(channel_name, "In %d", ch); + channel_name << "In " << ch; } channel_num = ch; if (channel_num%2) { @@ -73,7 +73,7 @@ draw_background(); fl_color(FL_BLACK); fl_font(FL_HELVETICA, 8); - fl_draw(channel_name, x()+4, y()+225, 27, 9, FL_ALIGN_CENTER); + fl_draw(channel_name.str().c_str(), x()+4, y()+225, 27, 9, FL_ALIGN_CENTER); for (int i=children(); i--;) { Fl_Widget& o = **a++; draw_child(o);
Best Regards, Georg Rudolph