nikp123 / xava

X11 Audio Visualizer for ALSA
http://nikp123.github.io/xava

GetInstallDir: fix buffer overflow #24

Closed sgn closed 4 years ago

sgn commented 4 years ago

strlen(3) will return the length of the input, not including the terminating NUL character. And strcpy(3) will copy the included NUL character. Thus, we'll get a buffer overflow of 1 character.

Fix it.

nikp123 commented 4 years ago

Right away. This is a nasty bug indeed.

sgn commented 4 years ago

I'm late to improve my own code, but I think those two lines can be simplified to:

char *path = strdup(PREFIX"/share/"PACKAGE"/");

Working with Windows is ...

nikp123 commented 4 years ago

I should really re-learn my C stdlib, I didn't know such a thing existed.

Plus that line never runs on Windows, that's for POSIX.

sgn commented 4 years ago

That line can work on Windows, but with an annoying warning. I keep forgetting strdup(3) because it's POSIX, not C.

nikp123 commented 4 years ago

Sure, but that #ifdef includes only POSIX code, so it's perfectly fine.
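
The off-by-one discussed in this thread, as an added example that is not code from the pull request or from xava: it measures the one byte strcpy(3) writes beyond a strlen(3)-sized buffer, then shows the corrected allocation next to the strdup(3) form. The pre-fix shape (buffer sized with strlen() alone, then strcpy()) is inferred from the description above; the PREFIX and PACKAGE values and all function names are constructed.

```c
#define _POSIX_C_SOURCE 200809L  /* strdup(3) is POSIX, not ISO C */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed values; a real build system would define these. */
#define PREFIX  "/usr/local"
#define PACKAGE "xava"
#define INSTALL_DIR PREFIX "/share/" PACKAGE "/"

/* Bytes strcpy() writes past a buffer sized with strlen(src) alone.
 * Measured safely: the real allocation is one byte larger, and a canary
 * sits in the slot that would lie just outside the undersized buffer. */
size_t bytes_past_strlen_buffer(const char *src)
{
    size_t undersized = strlen(src);     /* the buggy size: no room for NUL */
    char *buf = malloc(undersized + 1);  /* +1 keeps this demo in bounds */
    if (!buf) return (size_t)-1;
    buf[undersized] = 0x7f;              /* canary in the "out of bounds" slot */
    strcpy(buf, src);                    /* copies strlen(src) + 1 bytes */
    size_t over = (buf[undersized] != 0x7f) ? 1 : 0;  /* NUL hit the canary */
    free(buf);
    return over;
}

/* Corrected allocation: length plus one for the terminating NUL. */
char *install_dir_fixed(void)
{
    char *path = malloc(strlen(INSTALL_DIR) + 1);
    if (path) strcpy(path, INSTALL_DIR);
    return path;
}

/* The simplification suggested in the thread: strdup() sizes and copies. */
char *install_dir_strdup(void)
{
    return strdup(INSTALL_DIR);
}

int main(void)
{
    char *a = install_dir_fixed(), *b = install_dir_strdup();
    if (!a || !b) return 1;
    printf("strcpy wrote %zu byte(s) past a strlen()-sized buffer\n",
           bytes_past_strlen_buffer(INSTALL_DIR));
    printf("%s\n%s\n", a, b);
    free(a); free(b);
    return 0;
}
```

Building the undersized variant for real with `-fsanitize=address` reports the same one-byte heap-buffer-overflow at the strcpy() call.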