
Buffer overflow in pfc::strcpy_utf8_truncate

SDK 2015-08-03, pfc/utf8.cpp:
Code:
unsigned strcpy_utf8_truncate(const char * src,char * out,unsigned maxbytes)
{
    unsigned rv = 0 , ptr = 0;
    if (maxbytes>0)
    {
        maxbytes--;//for null
        while(!check_end_of_string(src) && maxbytes>0)
        {
            t_size delta = utf8_char_len(src);
            if (delta>maxbytes || delta==0) break;
            do
            {
                out[ptr++] = *(src++);
            } while(--delta);
            rv = ptr;
        }
        out[rv]=0;
    }
    return rv;
}
maxbytes is not decreased during the execution.

Possible fix:
Code:
            if (delta>maxbytes || delta==0) break;
+            maxbytes -= delta;
            do
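
Review bot: the added `maxbytes -= delta;` line mixes a `t_size` operand (`delta`) with an `unsigned` one (`maxbytes`); if `t_size` is wider than `unsigned` this is an implicit narrowing, so consider `maxbytes -= (unsigned)delta;` or declaring `delta` as `unsigned`. The subtraction cannot wrap only because it sits directly below the `delta>maxbytes` check, so a short comment tying the two lines together would guard against a later reordering.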

Re: Buffer overflow in pfc::strcpy_utf8_truncate

Reply #1
Thanks for reporting. The fix is correct, I'll merge it with the SDK.


Edit: Quick search reveals that this function is not ever used in foobar2000 source, so the bug can only possibly affect third party components that call this function - not foobar2000 app itself.
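
The overrun and the one-line fix discussed in this thread, as an added example (not SDK code and not written by either poster). Assumptions: `utf8_len` is a simplified stand-in for `pfc::utf8_char_len`, the `*src != 0` test stands in for `check_end_of_string`, and the `fixed` flag, the arena helper and the sample string are constructed for the demonstration. The unpatched run writes into the front of a larger arena so the bytes past the stated limit can be counted safely.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Stand-in for pfc::utf8_char_len (assumption): sequence length from the
// lead byte, or 0 if the lead or a continuation byte is invalid.
static size_t utf8_len(const char *s) {
    unsigned char c = (unsigned char)s[0];
    size_t n = c < 0x80 ? 1 : (c >> 5) == 0x06 ? 2
             : (c >> 4) == 0x0E ? 3 : (c >> 3) == 0x1E ? 4 : 0;
    for (size_t i = 1; i < n; ++i)
        if (((unsigned char)s[i] & 0xC0) != 0x80) return 0;
    return n;
}

// The loop from the post; `fixed` switches the proposed patch line on.
static unsigned copy_truncate(const char *src, char *out, unsigned maxbytes, bool fixed) {
    unsigned rv = 0, ptr = 0;
    if (maxbytes > 0) {
        maxbytes--; // for null
        while (*src != 0 && maxbytes > 0) {
            size_t delta = utf8_len(src);
            if (delta > maxbytes || delta == 0) break;
            if (fixed) maxbytes -= (unsigned)delta; // budget now shrinks per character
            do { out[ptr++] = *(src++); } while (--delta);
            rv = ptr;
        }
        out[rv] = 0;
    }
    return rv;
}

// Treat the first `limit` bytes of a 0xAA-filled arena as the destination
// and count how many bytes at or beyond `limit` were modified.
static unsigned bytes_past_limit(const char *src, unsigned limit, bool fixed) {
    unsigned char arena[64];
    memset(arena, 0xAA, sizeof arena);
    copy_truncate(src, (char *)arena, limit, fixed);
    unsigned n = 0;
    for (unsigned i = limit; i < sizeof arena; ++i) n += arena[i] != 0xAA;
    return n;
}

static const char SAMPLE[] = "h\xC3\xA9llo w\xC3\xB6rld"; // constructed, 13 bytes

int main() {
    printf("unpatched: %u bytes past an 8-byte limit\n", bytes_past_limit(SAMPLE, 8, false));
    printf("patched:   %u bytes past an 8-byte limit\n", bytes_past_limit(SAMPLE, 8, true));
    return 0;
}
```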

 
SimplePortal 1.0.0 RC1 © 2008-2018