[SCM] csound/master: Fix segfault in csladspa. Closes: #672204

fsateler at users.alioth.debian.org fsateler at users.alioth.debian.org
Wed Jun 6 13:23:24 UTC 2012 

The following commit has been merged in the master branch:
commit db1f163948aa12e86a8190896da5a10b7b189efc
Author: Felipe Sateler <fsateler at debian.org>
Date:   Wed May 9 14:29:08 2012 -0400

    Fix segfault in csladspa. Closes: #672204

diff --git a/debian/patches/0004-fix-unsafe-strcpy.patch b/debian/patches/0004-fix-unsafe-strcpy.patch
new file mode 100644
index 0000000..8f6fd1a
--- /dev/null
+++ b/debian/patches/0004-fix-unsafe-strcpy.patch
@@ -0,0 +1,37 @@
+commit 6a7654d5a23c5f8dc8773c83862f7677945712b1
+Author: Felipe Sateler <fsateler at debian.org>
+Date:   Sun May 6 11:53:15 2012 -0400
+
+    Fix unsafe strcpy
+    
+    getenv returns NULL when an environment variable is not set. strcpy'ing
+    NULL is not safe. At the same time, strcpy on untrusted input is not
+    safe either. So, move from strcpy to strncpy and protect it
+
+diff --git a/frontends/csladspa/csladspa.cpp b/frontends/csladspa/csladspa.cpp
+index 567d184..95f4f30 100644
+--- a/frontends/csladspa/csladspa.cpp
++++ b/frontends/csladspa/csladspa.cpp
+@@ -412,12 +412,19 @@ unsigned int CountCSD(char **csdnames)
+   int             i = 0;
+   size_t    indx = 0;
+   char ladspa_path[1024] = "";
++  const char *src = NULL;
+ 
+-#ifndef MACOSX
+-  strcpy(ladspa_path, getenv("LADSPA_PATH"));
++#ifdef MACOSX
++  src = "/Library/Audio/Plug-Ins/LADSPA";
+ #else
+-  strcpy(ladspa_path, "/Library/Audio/Plug-Ins/LADSPA");
++  src = getenv("LADSPA_PATH");
+ #endif
++
++  if(src) {
++    strncpy(ladspa_path, src, 1024);
++    ladspa_path[1023] = '\0';
++  }
++
+   // if no LADSPA_PATH attempt to open
+   // current directory
+   if(strlen(ladspa_path) == 0) dip = opendir(".");
diff --git a/debian/patches/series b/debian/patches/series
index 3572c4d..b26aa71 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,6 +2,7 @@
 0001-functions-custom-cmake.diff
 0002-link-dssi-dl.patch
 0003-csoundac.patch
+0004-fix-unsafe-strcpy.patch
 2000-avoid-nonfree-scansyn-plugin.diff
 2001-lua-link.diff
 2004-fix-gettext.diff

-- 
csound packaging

More information about the pkg-multimedia-commits mailing list