On Wed, 30 Mar 2016 09:11:17 +0200,
mengdong.lin@xxxxxxxxxxxxxxx wrote:
>
> + switch (type) {
> + case SND_SOC_TPLG_TUPLE_TYPE_UUID:
> + len = strlen(value);
> + if (len > 16 || len == 0) {
> + SNDERR("error: tuple %s: invalid uuid\n", id);
> + goto err;
> + }
> +
> + memcpy(tuple->uuid, value, 16);
This may still overflow :)
How about simply using elem_copy_text()?
> + case SND_SOC_TPLG_TUPLE_TYPE_BYTE:
> + case SND_SOC_TPLG_TUPLE_TYPE_SHORT:
> + case SND_SOC_TPLG_TUPLE_TYPE_WORD:
> + tuple_val = strtol(value, NULL, 0);
> + if (tuple_val == LONG_MIN || tuple_val == LONG_MAX
> + || (type == SND_SOC_TPLG_TUPLE_TYPE_WORD
> + && tuple_val > 0xffffffff)
Is the check correct on 32bit architecture?
> + || (type == SND_SOC_TPLG_TUPLE_TYPE_SHORT
> + && tuple_val > 0xffff)
> + || (type == SND_SOC_TPLG_TUPLE_TYPE_BYTE
> + && tuple_val > 0xff)) {
Also, what about negative values?
Takashi
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
