Buffer overflow in pfc::strcpy_utf8_truncate

SDK 2015-08-03, pfc/utf8.cpp:
Code:
unsigned strcpy_utf8_truncate(const char * src,char * out,unsigned maxbytes)
{
    unsigned rv = 0 , ptr = 0;
    if (maxbytes>0)
    {
        maxbytes--;//for null
        while(!check_end_of_string(src) && maxbytes>0)
        {
            t_size delta = utf8_char_len(src);
            if (delta>maxbytes || delta==0) break;
            do
            {
                out[ptr++] = *(src++);
            } while(--delta);
            rv = ptr;
        }
        out[rv]=0;
    }
    return rv;
}
maxbytes is not decreased during the execution.

Possible fix:
Code:
            if (delta>maxbytes || delta==0) break;
+            maxbytes -= delta;
            do
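Review bot: the subtraction on the added line mixes types: `delta` is declared `t_size` in the function above while `maxbytes` is `unsigned`, so `maxbytes -= delta;` narrows implicitly on 64-bit builds. The preceding `delta>maxbytes` check guarantees it cannot wrap, so the value is safe, but declaring `delta` as `unsigned` or writing `maxbytes -= (unsigned)delta;` makes that explicit and avoids a conversion warning. A test that copies a source longer than the output buffer and checks the bytes past `maxbytes` would pin the fix down.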

Re: Buffer overflow in pfc::strcpy_utf8_truncate

Reply #1
Thanks for reporting. The fix is correct, I'll merge it with the SDK.


Edit: Quick search reveals that this function is not ever used in foobar2000 source, so the bug can only possibly affect third party components that call this function - not foobar2000 app itself.
Microsoft Windows: We can't script here, this is bat country.
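
A regression check that third-party components could adapt, as an added example that is not SDK or foobar2000 code: the copy loop with the remaining-byte budget decremented per character, run against a buffer surrounded by guard bytes. `utf8_len_from_lead`, `copy_utf8_truncate` and `guarded_copy` are hypothetical names, and the length helper is an assumed stand-in for `pfc::utf8_char_len`.

```cpp
// Added example, not SDK code. utf8_len_from_lead() is a hypothetical stand-in
// for pfc::utf8_char_len; it checks the lead byte and continuation bytes only.
#include <stddef.h>
#include <string.h>

static size_t utf8_len_from_lead(const char *s) {
    unsigned char c = (unsigned char)s[0];
    size_t n = c < 0x80 ? 1 : (c >> 5) == 0x6 ? 2 : (c >> 4) == 0xE ? 3 : (c >> 3) == 0x1E ? 4 : 0;
    for (size_t i = 1; i < n; ++i)
        if (((unsigned char)s[i] & 0xC0) != 0x80) return 0; // also stops at NUL
    return n;
}

// Fixed copy: the remaining budget shrinks by every character written.
unsigned copy_utf8_truncate(const char *src, char *out, unsigned maxbytes) {
    unsigned rv = 0;
    if (maxbytes == 0) return 0;
    maxbytes--; // reserve room for the terminator
    while (*src != 0 && maxbytes > 0) {
        size_t delta = utf8_len_from_lead(src);
        if (delta == 0 || delta > maxbytes) break; // never split a character
        maxbytes -= (unsigned)delta;
        memcpy(out + rv, src, delta);
        src += delta;
        rv += (unsigned)delta;
    }
    out[rv] = 0;
    return rv;
}

// Regression check: copy into a buffer followed by guard bytes and verify that
// nothing at or beyond offset `cap` was modified.
// Returns the number of bytes copied, or -1 if a guard byte changed.
int guarded_copy(const char *src, unsigned cap, char *result /* >= cap bytes */) {
    const unsigned GUARD = 16, MAXCAP = 64;
    if (cap > MAXCAP) return -1;
    unsigned char buf[MAXCAP + GUARD];
    memset(buf, 0xAA, sizeof buf);
    unsigned n = copy_utf8_truncate(src, (char *)buf, cap);
    for (size_t i = cap; i < sizeof buf; ++i)
        if (buf[i] != 0xAA) return -1;      // wrote past the caller's limit
    if (cap > 0 && n >= cap) return -1;     // no room left for the terminator
    memcpy(result, buf, cap);
    return (int)n;
}
```
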