Potential Buffer Over-read Risk in aubio_sampler_load · Issue #421 · aubio/aubio · GitHub
Potential Buffer Over-read Risk in aubio_sampler_load #421
Open
@yhrscholar

Description

There is a potential vulnerability in the aubio_sampler_load function (src/synth.sampler.c) related to how the input URI string is copied into the o->uri buffer. The code allocates memory based on the length calculated by strnlen but uses strncpy in a way that can result in a non-null-terminated string under specific conditions.

```c
// Inside aubio_sampler_load:
if (o->uri) AUBIO_FREE(o->uri);
o->uri = AUBIO_ARRAY(char_t, strnlen(uri, PATH_MAX));
strncpy(o->uri, uri, strnlen(uri, PATH_MAX));
o->source = new_aubio_source(o->uri, o->samplerate, o->blocksize);
// ...
```

Impact:

When the potentially non-null-terminated o->uri is subsequently passed to functions that expect a standard C string, these functions might read past the end of the allocated buffer (o->uri) while searching for a null terminator.

Version

commit hash: dd9287c
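
The copy pattern reported above, next to one way to harden it, as an added example that is not part of the original issue or of aubio's code. It uses plain malloc in place of AUBIO_ARRAY; the function names, the sample path, and the choice to reject input of PATH_MAX bytes or more are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Mirrors the copy pattern quoted in the issue: n bytes sized, n bytes
 * copied. Returns 1 if those n bytes contain a NUL terminator, 0 if not,
 * -1 on allocation failure. The extra guard byte exists only so that this
 * check stays in bounds; it is not part of the reported pattern. */
int issue_pattern_is_terminated(const char *uri)
{
    size_t n = strnlen(uri, PATH_MAX);
    char *backing = malloc(n + 1);
    if (!backing) return -1;
    memset(backing, '#', n + 1);          /* guard fill, no stray NULs */
    strncpy(backing, uri, n);             /* copies n bytes, never the NUL */
    int terminated = memchr(backing, '\0', n) != NULL;
    free(backing);
    return terminated;
}

/* Hardened copy (hypothetical helper): reject over-long input, reserve room
 * for the terminator and write it explicitly. Caller frees the result. */
char *copy_uri_terminated(const char *uri)
{
    if (!uri) return NULL;
    size_t n = strnlen(uri, PATH_MAX);
    if (n >= PATH_MAX) return NULL;       /* no NUL within PATH_MAX bytes */
    char *dst = malloc(n + 1);
    if (!dst) return NULL;
    memcpy(dst, uri, n);
    dst[n] = '\0';
    return dst;
}

int main(void)
{
    const char *sample = "samples/kick.wav";   /* constructed sample input */
    printf("issue pattern terminated: %d\n", issue_pattern_is_terminated(sample));
    char *safe = copy_uri_terminated(sample);
    printf("hardened copy: %s\n", safe ? safe : "(rejected)");
    free(safe);
    return 0;
}
```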
