oysteikt
/
mpd
0
0
Fork 0
Code Issues Pull Requests Releases Activity

playlist/cue/parser: fix off-by-one buffer overflow 

cue_next_word() can return a pointer one past the end of the string if
the word is followed by the terminating null byte.
This commit is contained in:
Max Kellermann 2020-10-05 20:10:26 +02:00
parent dffd5831f8
commit ac46a84391
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -2,6 +2,8 @@ ver 0.22.1 (not yet released)
* output * output
- alsa: don't deadlock when the ALSA driver is buggy - alsa: don't deadlock when the ALSA driver is buggy
- jack, pulse: reduce the delay when stopping or pausing playback - jack, pulse: reduce the delay when stopping or pausing playback
* playlist
- cue: fix crash bug
ver 0.22 (2020/09/23) ver 0.22 (2020/09/23)
* protocol * protocol

8
src/playlist/cue/CueParser.cxx
View File

@ -38,8 +38,12 @@ cue_next_word(char *p, char **pp)
while (!IsWhitespaceOrNull(*p)) while (!IsWhitespaceOrNull(*p))
++p; ++p;
*p = 0; if (*p != 0) {
*pp = p + 1; *p = 0;
*pp = p + 1;
} else
*pp = p;
return word; return word;
} }