Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix out-of-bounds read in FillInParameterName #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix out-of-bounds read in FillInParameterName #3

wants to merge 1 commit into from

Conversation

reuk
Copy link

@reuk reuk commented Dec 7, 2023

  • I understand that response time may be limited because the project doesn't accept pull requests.
  • I agree to the terms outlined in CONTRIBUTING.md

This change fixes a potential out-of-bounds read by CFStringGetCString. offsetof(..., clumpID is not the correct buffer size for name, because the definition of AudioUnitParameterInfo includes an extra field, unitName, between name and clumpID. Additionally, the compiler may choose to insert padding after name in order to ensure the correct alignment of the following struct member.

struct AudioUnitParameterInfo {
	char name[52];
	CFStringRef __nullable unitName;
	UInt32 clumpID;
	...

@sophiapoirier
Copy link

Thank you for catching this! And your solution looks good. Per our documentation, we do not merge PRs here, but have opened a PR internally to incorporate the fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@reuk @sophiapoirier