This is the bug/patch tracker for Rockbox.
FS#11947 - Fix off-by-one buffer access in playlist.c
Attached to Project:
Rockbox
Opened by Thomas Jarosch (thomasjfox) - Wednesday, 16 February 2011, 21:24 GMT+2
Last edited by Thomas Jarosch (thomasjfox) - Friday, 18 February 2011, 22:57 GMT+2
Details

Hello,

attached patch fixes an off-by-one buffer access in playlist.c detected by valgrind:

==9476== Conditional jump or move depends on uninitialised value(s)
==9476==    at 0x414D48: format_track_path (playlist.c:1663)
==9476==    by 0x417969: playlist_save (playlist.c:3350)
==9476==    by 0x40E0F0: save_playlist_screen (playlist_menu.c:55)
==9476==    by 0x4081B3: do_menu (menu.c:580)
==9476==    by 0x41AAF4: miscscrn (root_menu.c:323)
==9476==    by 0x41ACD0: load_screen (root_menu.c:519)
==9476==    by 0x41AF4F: root_menu (root_menu.c:687)
==9476==    by 0x406ECA: main (main.c:196)

We first have to check the current position and then read the memory.

It's a bit odd the comment of the code says "/* Zero-terminate the file name */" and all it does is look for \r or \n?

Cheers,
Thomas
Closed by Thomas Jarosch (thomasjfox)
Friday, 18 February 2011, 22:57 GMT+2
Reason for closing: Fixed
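
The check-order problem the report describes ("first check the current position, then read the memory"), as an added illustration that is not the Rockbox source or the attached patch. The function names, the sample buffer and the instrumented `read_at` helper are assumptions made for this example; `read_at` counts reads at or past the buffer end instead of performing them, so the difference is observable without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: 8 bytes with no \r or \n and no NUL terminator. */
static const char NO_EOL[8] = {'t', 'r', 'a', 'c', 'k', '.', 'm', 'p'};

/* Instrumented read (hypothetical helper): counts out-of-bounds accesses. */
static int oob_reads;
static char read_at(const char *buf, size_t len, size_t i)
{
    if (i >= len) { oob_reads++; return '\0'; }
    return buf[i];
}

/* Read first, bounds check last: when no line terminator is found,
 * index `max` is read before `i < max` ends the loop (off by one). */
size_t line_len_read_first(const char *src, size_t max)
{
    size_t i = 0;
    char c;
    while ((c = read_at(src, max, i)) != '\n' && c != '\r' && i < max)
        i++;
    return i;
}

/* Bounds check first: && short-circuits, so index `max` is never read. */
size_t line_len_check_first(const char *src, size_t max)
{
    size_t i = 0;
    char c;
    while (i < max && (c = read_at(src, max, i)) != '\n' && c != '\r')
        i++;
    return i;
}

/* Runs one scanner and returns how many out-of-bounds reads it attempted. */
int count_oob(size_t (*scan)(const char *, size_t), const char *src, size_t max)
{
    oob_reads = 0;
    (void)scan(src, max);
    return oob_reads;
}

int main(void)
{
    printf("read first:  %d oob read(s)\n", count_oob(line_len_read_first, NO_EOL, sizeof NO_EOL));
    printf("check first: %d oob read(s)\n", count_oob(line_len_check_first, NO_EOL, sizeof NO_EOL));
    return 0;
}
```

Both scanners return the same length; only the read-first ordering touches the byte past the end, which is the kind of access valgrind reports when that byte is uninitialised.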