FS#11947 - Fix off-by-one buffer access in playlist.c

Attached to Project: Rockbox
Opened by Thomas Jarosch (thomasjfox) - Wednesday, 16 February 2011, 20:24 GMT
Last edited by Thomas Jarosch (thomasjfox) - Friday, 18 February 2011, 21:57 GMT
Task Type Patches
Category Playlists
Status Closed
Assigned To No-one
Operating System All players
Severity Medium
Priority Normal
Reported Version Daily build (which?)
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No



Attached patch fixes an off-by-one buffer access in playlist.c
detected by valgrind:

==9476== Conditional jump or move depends on uninitialised value(s)
==9476== at 0x414D48: format_track_path (playlist.c:1663)
==9476== by 0x417969: playlist_save (playlist.c:3350)
==9476== by 0x40E0F0: save_playlist_screen (playlist_menu.c:55)
==9476== by 0x4081B3: do_menu (menu.c:580)
==9476== by 0x41AAF4: miscscrn (root_menu.c:323)
==9476== by 0x41ACD0: load_screen (root_menu.c:519)
==9476== by 0x41AF4F: root_menu (root_menu.c:687)
==9476== by 0x406ECA: main (main.c:196)

We first have to check the current position and then read the memory.

It's a bit odd the comment of the code says

"/* Zero-terminate the file name */"

and all it does is look for \r or \n?

Closed by  Thomas Jarosch (thomasjfox)
Friday, 18 February 2011, 21:57 GMT
Reason for closing:  Fixed
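
The ordering problem the report describes ("first check the current position, then read the memory"), as an added example that is not Rockbox's playlist.c code. The function names, the constructed sample buffer and the read_at() instrumentation are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Highest index touched by the last scan (instrumentation for this demo). */
static size_t highest_read;

static char read_at(const char *buf, size_t i)
{
    if (i > highest_read)
        highest_read = i;
    return buf[i];
}

/* Read-then-check: buf[i] is evaluated before i is compared with len,
 * so the final iteration reads buf[len], one byte past the valid data. */
size_t line_len_read_first(const char *buf, size_t len)
{
    size_t i = 0;
    highest_read = 0;
    while (read_at(buf, i) != '\r' && read_at(buf, i) != '\n' && i < len)
        i++;
    return i;
}

/* Check-then-read: && short-circuits, so buf[i] is read only if i < len. */
size_t line_len_check_first(const char *buf, size_t len)
{
    size_t i = 0;
    highest_read = 0;
    while (i < len && read_at(buf, i) != '\r' && read_at(buf, i) != '\n')
        i++;
    return i;
}

/* Constructed sample: 9 valid bytes without a line ending, plus one spare
 * byte so the over-read in this demo stays inside the array. */
const char sample[10] = { 't','r','a','c','k','.','m','p','3','X' };

size_t highest_index_read(int check_first)
{
    if (check_first)
        line_len_check_first(sample, 9);
    else
        line_len_read_first(sample, 9);
    return highest_read;
}

int main(void)
{
    printf("read first:  touched index %zu\n", highest_index_read(0));
    printf("check first: touched index %zu\n", highest_index_read(1));
    return 0;
}
```

Both functions return the same length for this input; only the access pattern differs, which is why a memory checker such as valgrind reports the defect while the visible behaviour stays unchanged.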