playlist/cue/parser: fix off-by-one buffer overflow

cue_next_word() can return a pointer one past the end of the string if the word is followed by the terminating null byte.
2020-10-05 20:10:26 +02:00 · 2020-10-05 20:10:26 +02:00 · ac46a84391
parent dffd5831f8
commit ac46a84391
2 changed files with 8 additions and 2 deletions
--- a/2
+++ b/2
@ -2,6 +2,8 @@ ver 0.22.1 (not yet released)
 * output
  - alsa: don't deadlock when the ALSA driver is buggy
  - jack, pulse: reduce the delay when stopping or pausing playback
+* playlist
+  - cue: fix crash bug

 ver 0.22 (2020/09/23)
 * protocol
--- a/src/playlist/cue/CueParser.cxx
+++ b/src/playlist/cue/CueParser.cxx
@ -38,8 +38,12 @@ cue_next_word(char *p, char **pp)
 	while (!IsWhitespaceOrNull(*p))
 		++p;

-	*p = 0;
-	*pp = p + 1;
+	if (*p != 0) {
+		*p = 0;
+		*pp = p + 1;
+	} else
+		*pp = p;
+
 	return word;
 }