Re: [PATCH v2 6/7] topology: Add support for parsing vendor tuples

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 05 Apr 2016 10:53:24 +0200,
Mengdong Lin wrote:
> 
> 
> On 04/05/2016 02:14 PM, Takashi Iwai wrote:
> > On Tue, 05 Apr 2016 07:47:08 +0200,
> > Mengdong Lin wrote:
> >>
> >>
> >>
> >> On 03/30/2016 03:35 PM, Takashi Iwai wrote:
> >>> On Wed, 30 Mar 2016 09:11:17 +0200,
> >>> mengdong.lin@xxxxxxxxxxxxxxx wrote:
> >>>>
> >>>> +		switch (type) {
> >>>> +		case SND_SOC_TPLG_TUPLE_TYPE_UUID:
> >>>> +			len = strlen(value);
> >>>> +			if (len > 16 || len == 0) {
> >>>> +				SNDERR("error: tuple %s: invalid uuid\n", id);
> >>>> +				goto err;
> >>>> +			}
> >>>> +
> >>>> +			memcpy(tuple->uuid, value, 16);
> >>>
> >>> This may still overflow :)
> >>> How about simply using elem_copy_text()?
> >>
> >> Sorry for the late reply.
> >>
> >> Would you mind me using uuid_parse() here?
> >> It can convert an input UUID string into the binary representation.
> >>
> >> An UUID string link "1b4e28ba-2fa1-11d2-883f-b9a761bde3fb" is user
> >> friendly for the text conf file. But this will add dependency on libuuid.
> >
> > Additional dependency is no-go, especially when the required change is
> > so trivial.  It's just a string copy, after all.
> >
> 
> Maybe we can just use strncpy(dest, src, 16), assuming the strncpy will 
> not try to write a "\0" at dest[16] that may cause overflow?

You seem to think of things more complicated than needed.

Just reread your code.  What if a shorter string value is passed there
to memcpy() call?  That's what I suggested as an overflow.


Takashi
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel



[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux