dev builds
themes manual
device status forums
mailing lists
IRC bugs
dev guide

Rockbox mail archive

Subject: Re: Buffering strangeness on the Sansa e200.

Re: Buffering strangeness on the Sansa e200.

From: Magnus Holmgren <>
Date: Wed, 23 Jan 2008 10:12:58 +0100 (MET)

On Wed, 23 Jan 2008, Bryan Childs wrote:

> The version that Nico had in albumart.c of strip_extension() used to
> take a length argument for the filename. Changing it to use the
> existing implementation of strip_extension used everywhere else in
> Rockbox meant ditching that argument - so the strcpy() in the
> strip_extension() function being used now *could* cause a buffer
> overflow if the destination buffer you pass in is shorter than the
> filename. However, as albumart.c only calls strip_extension() once,
> and the destination buffer's size is MAX_PATH + 1, I don't really see
> how this could actually occur.

The strip_extension call itself is fine, but see what happens after that
call in albumart.c. The two calls to strcat following strip_extension are
no longer safe.

Received on 2008-01-23

Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy