[alsa-devel] [PATCH] hdspmixer buffer overflow

[Georg Rudolph]

Hello,

to fix https://bugtrack.alsa-project.org/alsa-bug/view.php?id=5006
the attached patch for alsa-tools is proposed:

Summary: Fix buffer overflow in hdspmixer

A one off string buffer overflow fixed by handling it properly with
string stream.

Signed-off-by: Georg Rudolph <georg.rudolph at schwaben.de
<mailto:foo at bar.com>>



 

--- alsa-tools-1.0.23/hdspmixer/src/HDSPMixerIOMixer.h  2010-04-16
13:11:09.000000000 +0200
+++ alsa-tools-1.0.23-work/hdspmixer/src/HDSPMixerIOMixer.h 2010-05-12
22:07:49.549949993 +0200
@@ -36,6 +36,7 @@
 #include "HDSPMixerStripData.h"
 #include "HDSPMixerMeter.h"
 #include "pixmaps.h"
+#include <sstream>

 class HDSPMixerWindow;
 class HDSPMixerSelector;
@@ -52,7 +53,7 @@
 private:
     char **p_iomixer_xpm;
     int channel_num, relative_num, mixer_type;
-    char channel_name[6];
+   std::stringstream channel_name;
     void update_child(Fl_Widget &widget);
 public:
     HDSPMixerStripData *data[3][3][8]; /*
data[card][mode(ss/ds/qs)][preset number] */
--- alsa-tools-1.0.23/hdspmixer/src/HDSPMixerIOMixer.cxx    2010-04-16
13:11:09.000000000 +0200
+++ alsa-tools-1.0.23-work/hdspmixer/src/HDSPMixerIOMixer.cxx  
2010-05-12 22:00:26.754950707 +0200
@@ -25,9 +25,9 @@
 {
     mixer_type = type;
     if (type) {
-   sprintf(channel_name, "Out %d", ch);
+   channel_name << "Out " << ch;
     } else {
-   sprintf(channel_name, "In %d", ch);
+   channel_name << "In " << ch;
     }
     channel_num = ch;
     if (channel_num%2) {
@@ -73,7 +73,7 @@
    draw_background();
    fl_color(FL_BLACK);
    fl_font(FL_HELVETICA, 8);
-   fl_draw(channel_name, x()+4, y()+225, 27, 9, FL_ALIGN_CENTER);
+   fl_draw(channel_name.str().c_str(), x()+4, y()+225, 27, 9,
FL_ALIGN_CENTER);
    for (int i=children(); i--;) {
        Fl_Widget& o = **a++;
        draw_child(o);

Best Regards,
Georg Rudolph