Commit ac46a843 authored by Max Kellermann

playlist/cue/parser: fix off-by-one buffer overflow

cue_next_word() can return a pointer one past the end of the string if the word is followed by the terminating null byte.
parent dffd5831
...@@ -2,6 +2,8 @@ ver 0.22.1 (not yet released) ...@@ -2,6 +2,8 @@ ver 0.22.1 (not yet released)
* output * output
- alsa: don't deadlock when the ALSA driver is buggy - alsa: don't deadlock when the ALSA driver is buggy
- jack, pulse: reduce the delay when stopping or pausing playback - jack, pulse: reduce the delay when stopping or pausing playback
* playlist
- cue: fix crash bug
ver 0.22 (2020/09/23) ver 0.22 (2020/09/23)
* protocol * protocol
......
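Review bot: the NEWS entry "cue: fix crash bug" undersells the change, given that the commit title calls it an off-by-one buffer overflow in the cue parser. Users and packagers reading the 0.22.1 notes to decide how urgently to upgrade would be better served by wording that matches the title, for example "cue: fix off-by-one buffer overflow in the parser".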
...@@ -38,8 +38,12 @@ cue_next_word(char *p, char **pp) ...@@ -38,8 +38,12 @@ cue_next_word(char *p, char **pp)
while (!IsWhitespaceOrNull(*p)) while (!IsWhitespaceOrNull(*p))
++p; ++p;
*p = 0; if (*p != 0) {
*pp = p + 1; *p = 0;
*pp = p + 1;
} else
*pp = p;
return word; return word;
} }
......
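Review bot: the new else branch (`*pp = p;`) leaves `*pp` pointing at the terminating null byte, but nothing in the hunk documents that contract. A one-line comment above `if (*p != 0) {` stating that `*pp` must never advance past the terminator would keep a later cleanup from collapsing the two branches back into the unconditional `*pp = p + 1;`. The else branch should also be braced to match the braced if. The visible hunks add no test, so a regression case with a cue line whose last word ends exactly at the end of the string would be worth adding.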