authorMax Kellermann <max@musicpd.org>2020-10-05 20:10:26 +0200
committerMax Kellermann <max@musicpd.org>2020-10-05 20:26:02 +0200
commitac46a84391468dc886983955850060736404ee14 (patch)
tree337ee7b3771a79fb7390affc11673393ef21a416
parentdffd5831f83e31b7d07962d69922d64131c6880a (diff)
playlist/cue/parser: fix off-by-one buffer overflow
cue_next_word() can return a pointer one past the end of the string if the word is followed by the terminating null byte.
-rw-r--r--NEWS2
-rw-r--r--src/playlist/cue/CueParser.cxx8
2 files changed, 8 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index a8d8e763c..4dc6b4e06 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ ver 0.22.1 (not yet released)
* output
- alsa: don't deadlock when the ALSA driver is buggy
- jack, pulse: reduce the delay when stopping or pausing playback
+* playlist
+ - cue: fix crash bug
ver 0.22 (2020/09/23)
* protocol
diff --git a/src/playlist/cue/CueParser.cxx b/src/playlist/cue/CueParser.cxx
index a402508e2..e5bd59af4 100644
--- a/src/playlist/cue/CueParser.cxx
+++ b/src/playlist/cue/CueParser.cxx
@@ -38,8 +38,12 @@ cue_next_word(char *p, char **pp)
while (!IsWhitespaceOrNull(*p))
++p;
- *p = 0;
- *pp = p + 1;
+ if (*p != 0) {
+ *p = 0;
+ *pp = p + 1;
+ } else
+ *pp = p;
+
return word;
}
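Review bot: The new `else` branch at the end of cue_next_word() leaves `*pp` on the terminating null byte, but nothing in the code records that this is the invariant that keeps the cursor inside the buffer. A short comment above `*pp = p;`, for example `/* end of input: keep *pp on the terminator, never one past it */`, would stop a later cleanup from reintroducing `p + 1`. The `else` is also unbraced while the `if` is braced; bracing both makes a misplaced statement in this bounds-sensitive spot less likely. The diffstat lists only NEWS and CueParser.cxx, so a regression case for a line that ends directly after a word, with no trailing whitespace, appears to be missing. The function begins outside this hunk, so how `word` is set up is not visible here.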